Troubleshoot new stock Android phone infected by adware already?

GrimBean

New Member
Thread author
Feb 5, 2018
2
In short, I haven't yet run any of the tools mentioned in Remove Pop-up Ads, Redirects, or Virus from Android Phone (Help Guide) on the Android Guide. I uninstalled one app a month ago - 'Messenger Lite' offered by Facebook. I had re-installed it for a brief couple of weeks in January from my library in the Google Play store. It was backed up in my library from my previous old phone. After uninstalling it, I still received two or three adware pop-ups. I still have Reddit installed.

The device does not appear to have had any malicious apps pre-installed when I purchased it brand new from the manufacturer. I checked all installed apps in settings and I don't see any malicious-looking apps. Since the purchase of the device in Dec. 2018, I've only installed two apps - 'Messenger Lite' and Reddit. Both were installed from the Google Play store.

I've seen maybe five different types of adware pop-ups appear starting in late Dec 2017 / early Jan 2018. The last one occurred Super Bowl night 2018 and spoofed Amazon. In settings, I've had pop-ups blocked (except third party), do not track turned ON, and privacy settings in Chrome (enabled) for safe browsing. I checked to be sure those settings were enabled immediately when I set up the phone in December. The Reddit app that I installed does not appear to be causing the issue because I had at least two adware pop-ups occur even before it was ever installed. I received at least one adware pop-up before Messenger Lite was ever installed.

I haven't installed Zemana or Crap Cleaner yet. I am familiar with those, but I'm more familiar with the MalwareBytes tools than these others. The Guide for Android on MalwareTips doesn't mention using MalwareBytes (I don't know why).

Questions
1). Any idea on where the adware was installed on this phone?
2). What are the best recommended tools to remove Android adware?
3). What other (optional) steps can I do? (besides re-setting my router to factory setting)
4). Could (maybe) some of the tools and steps in the Windows Guide also be useful for Android too?
5). Should all backed up apps in my library (Google Play) be deleted? Not certain if apps might be infected.

I've only used Chrome for web searching on this device since set up. (Chrome current ver 64.0.3282.137).

Short background about this startup company - 'Essential'. This flagship device is 'bone' stock Android software - no bloatware. All apps came pre-installed with basically no permissions allowed.
 
Reactions: Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,
Most likely your device isn't infected with malware; however, you can run a scan with Malwarebytes and Zemana. We've recommended Zemana in the guide because it had better detection for an adware family that was infecting phones at that time; however, both are great scanners.
When are you seeing these Amazon pop-up ads? Only when you go to specific sites or all the time (even if your browser is not open)?
 
Reactions: harlan4096

GrimBean

New Member
Thread author
Feb 5, 2018
2
Hi

All the pop-ups I've seen since I've had the phone are different kinds of spoof pop-ups. I've only seen one Amazon pop-up, which was the most recent occurrence. All of the pop-ups only occurred when I was searching online. Can't remember all the sites they occurred on, except for the Amazon pop-up. That happened when I was on Facebook.

So I ran a small test at first to see whether I may have picked up adw/malware.

I knew Chrome has the ability to sync a slew of options across multiple devices, from desktop computers to smartphones. With Chrome’s synchronization feature, you can have the same settings, bookmarks, extensions, logins, passwords, history, themes and even tabs open.
I do have a Windows PC that I rarely, if ever, go online with anymore since it's no longer supported. But I remembered going online recently using Chrome on that PC. And that was right before the last Amazon pop-up occurred on the phone.

So here's what I tested. I logged into my Google account on that PC. I went to the Google Activity page and opened some different tabs. Then I opened Chrome on my phone and under history I was looking at the same Google pages that I had open on the PC.

Now, I'm practically certain, that the PC is infected. So I'm suspecting that Chrome's sync shared the adw/malware to my phone.

So I needed to disable the saving and syncing on the PC version of Chrome because Chrome records them and syncs across all of the devices that I'm logged into with my Google account. In addition, as soon as I log into a new device with my Google account, all of the previously synced data is brought over and saved to the new device.

So this is not a good scenario. If I have adware which can sync from one device to another, I don't want the PC to sync with any other device. I went in to Chrome's Advanced Sync Settings and found ALL settings were synced. So I unchecked ALL the boxes. I didn’t want anything to be included in sync.

I think this may have been the first step toward heading off any potential new adware. I will be downloading Malwarebytes on my Android Essential phone soon to see if it finds any malware. My next step is to go into the network Admin settings on my Gateway and tinker around with the router.

Thanks for responding so quickly to the concerns that I sent regarding the issues I was having on my MalwareTips account! This update I'm writing is on a different device that I didn't use to open my account. So everything looks to be good.
 

GonzitoVir

Level 5
Verified
Well-known
May 16, 2017
198
I know that many well-known Chinese brands are already 'infected' by malware / adware. I haven't heard of malware in Essential phones though.
What I recommend, just to get rid of the pop-up ads, is to install a firewall like No Root Firewall and then check what app or program is trying to connect to the Internet. Then, block what looks suspicious.
I recommend you try Malwarebytes or Dr. Web, which do a good job catching much of that malware. Good luck!
 
Reactions: GrimBean
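
As an added illustration (not part of any post in this thread), the per-app connection view that a firewall app provides can be approximated from a computer over adb by joining socket owners (UIDs) with package names. The sample outputs of `cat /proc/net/tcp` and `pm list packages -U` below are constructed, the `uid:` column format is assumed, and `com.example.flashlight` is a hypothetical package.

```python
import re
import socket
from collections import defaultdict

# Constructed sample of `adb shell cat /proc/net/tcp` (not from the thread).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 0502A8C0:A1B2 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10089        0 22222
   2: 0502A8C0:A1B4 146433C6:0050 01 00000000:00000000 00:00000000 00000000 10142        0 33333
   3: 0502A8C0:A1B6 146433C6:0050 01 00000000:00000000 00:00000000 00000000 10142        0 44444
"""

# Constructed sample of `adb shell pm list packages -U` (package name -> UID).
PM_LIST = """\
package:com.android.chrome uid:10089
package:com.example.flashlight uid:10142
"""

ESTABLISHED = "01"  # TCP state code for an open connection; 0A is LISTEN

def decode_endpoint(field):
    """Turn '077100CB:01BB' into ('203.0.113.7', 443); the IPv4 hex is little-endian."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)

def uid_to_package(pm_output):
    """Build {uid: package} from the package manager listing."""
    pairs = re.findall(r"package:(\S+)\s+uid:(\d+)", pm_output)
    return {int(uid): pkg for pkg, uid in pairs}

def connections_by_app(proc_net_tcp, pm_output):
    """Group established remote endpoints by the app that owns the socket."""
    names = uid_to_package(pm_output)
    result = defaultdict(set)
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != ESTABLISHED:
            continue                                # ignore listeners and short lines
        uid = int(cols[7])
        result[names.get(uid, f"uid:{uid}")].add(decode_endpoint(cols[2]))
    return {app: sorted(eps) for app, eps in result.items()}

if __name__ == "__main__":
    for app, endpoints in connections_by_app(PROC_NET_TCP, PM_LIST).items():
        print(app, endpoints)
```

This covers IPv4 TCP only; `/proc/net/tcp6` uses a different address layout and is not parsed here.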
