Need Help Infected phone subscribing me to paid SMS services?

Discussion in 'Malware Removal Assistance For Mobile' started by Slobodan, Sep 5, 2017.

Tags:
  1. Slobodan

    Slobodan Level 1

    Sep 5, 2017
    3
    3
    Serbia
    Android
    Malwarebytes
    Device model:
    Cubot Note S
    Operating System and Version:
    Stock Android 6.0
    Super User:
    No
    Infection date and initial symptoms:
    1-2 months ago.
    Current issues and symptoms:
    Subscribing me to a paid SMS services agains my will. I think it happens only when I use mobile internet connection. It does not happen when using WiFi.
    Steps taken in order to remove the infection:
    Tried various anti-virus/malware and trojan remover software.
    2 times it happened that I got subscribed (without my will) to some SMS services that cost money. First time it happened about 1-2 months ago, second time a few days ago.

    So, I installed Malwarebytes Antimalware for Android (I did not have any security software installed before), and it found 2 infections. One was Android/trojan.hiddenAds.ip, that injected itself into a system app for wireless system updates.

    Other was Android/Adware.YeMobi.a, that injected into a CallerIdSearch.apk. Seems that it is pre-installed on many phones.

    Neither of infections could be removed, only thing it could be done is disabling of infected apps (both system apps).

    I have read on the internet, about the same infection that happened to some guy, and everyone told him that Trojan has an absolute controll of his phone now, and that he should flash it as soon as possible. No other way of fixing it

    I have read on the news that Cubot is preparing Android 7 for my phone this month, and when it gets out, I will flash the phone.

    Untill then, I will use the phone in Safe Mode. But, will it do anything, because safe mode only disables non-system apps?

    Also, is it possible that this malware was sending SMS for subscribing to those paid services, from my phone, without me knowing?

    I have contaced my mobile service provider, and they have disabled an option for me to have any paid SMS services activated in the future. But, the damage has been done.
     
    Opcode likes this.
  2. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    Contact your phone network provider and explain to them what has happened. They may even be able to revert the charges of the services and put a block on it happening in the future - should be easy to do for any good network provider as long as you don't use any premium phone subscriptions that is.

    I recommend you attempt to do a full restore of your device through recovery. Bear in mind you will lose data which isn't backed up appropriately... You can back up documents beforehand, but be cautious of doing this as well (not recommended unless it is essential).

    Try it out and keep us updated, I'm interesting in finding out what happens. I want you to have a malware-free device and be good to go again, not struggling trying to remove infections! :)
     
  3. Slobodan

    Slobodan Level 1

    Sep 5, 2017
    3
    3
    Serbia
    Android
    Malwarebytes
    I have contacted them and ask to block all options for me to be subscribed to any paid SMS services. This is a scam that is present in my country, because law allows this.
    I have flashed the phone with latest ROM from Cubot, and bought Malwarebytes Antimalware for Android.

    That was 2 months ago.
     
    Opcode likes this.
  4. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,285
    Caille
    Windows 10
    I apologise, I didn't notice the post date. I thought it was recent automatically because I was browsing the first page of the forum... My bad.

    It is good to know you contacted them about blocking all subscriptions, did they ever get back to you about this and confirm they had done this?

    These things happen over in France too... I once had a family member affected by this. I get a lot of spam texts/calls every few months but I simply ignore them, because answering unknown numbers or texts which seem suspicious can confirm to someone that there is someone on the other side actually operating the device. -> provides an opportunity for them to victimise.
     
  5. Slobodan

    Slobodan Level 1

    Sep 5, 2017
    3
    3
    Serbia
    Android
    Malwarebytes
    Yes, they confirmed it. But the damage was done (about 10-15 Euros).

    Here, we can just receive an SMS saying, "You have succesfully subscribed to this SMS service, bla bla bla. It will cost you this much for every SMS received. It costs this much to unsubscribe. Bla bla bla". They can just subscribe me to it, without my consent, it seems.
     
    Opcode likes this.
Loading...
Similar Threads Forum Date
Help with FBI Ransomeware infected Galaxy Note 5 Android phone Malware Removal Assistance For Windows Jan 3, 2017
need help with my infected Android mobile phone please Android, iOS and Windows 10 Mobile Jun 22, 2015
Infected of "com.android.srv" on phone and cannot delete it Technology News Jan 10, 2015