Go Back   Android Forums > Android Phones > Motorola Droid X > Droid X - Support and Troubleshooting

test: Reply
 
LinkBack Thread Tools
Old October 23rd, 2011, 12:24 PM   #1 (permalink)
Member
Thread Author (OP)
 
kg6epf's Avatar
 
Join Date: Nov 2009
Location: So Cal
Posts: 199
 
Device(s): Verizon Galaxy Nexus
Carrier: Not Provided

Thanks: 51
Thanked 137 Times in 56 Posts
Default Market/notification of new app -Malware?

I've had my phone for a year and nothing like this has ever happened to me before.

I just had a pop up in the notification bar about a new app. Not an update to one I already have, but the Market logo saying there is a new app to download.
Curious, I take a look and it opens me into the Android Market to download "Mobo Task Killer Pro" (no I don't use any task killers and not trying to start up that debate again). So I start to wonder if this was some new official Google thing (it's not) and I look into it a bit deeper. I didn't download but looking into it I find it curiously has all these positive reviews which I find odd due to the ongoing Task Killer debate, but that's not what this post is about. Taking a look at the permissions I see lots of stuff that I'd question, like why it would need access to be able to create network sockets and bluetooth connections.

I'm wondering how this app download was pushed to my phone? I wasn't using my phone at all and it had been sitting idle all morning. Seems sort of reminiscent of the "Airpush" ads debacle but in any case I'm not thrilled with an app download being pushed to my phone. Worse than that, I hate to think that someone is trying to push out malware. Maybe I'm just paranoid, but either way, I don't like it.

Below is the list of permissions it wants.

NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
CREATE BLUETOOTH CONNECTIONS
Allows an application to view configuration of the local Bluetooth device, and to make and accept connections with paired devices.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
BLUETOOTH ADMINISTRATION
Allows an application to configure the local Bluetooth device, and to discover and pair with remote devices.
WRITE SYNC SETTINGS
Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
CHANGE WI-FI STATE
Allows an application to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.
MODIFY GLOBAL SYSTEM SETTINGS
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.

Advertisements
kg6epf is offline  
Last edited by kg6epf; October 23rd, 2011 at 12:30 PM.
Reply With Quote
sponsored links
Old October 23rd, 2011, 02:17 PM   #2 (permalink)
Senior Member
 
GandalfTehGray's Avatar
 
Join Date: Dec 2010
Location: Texas
Posts: 846
 
Device(s): Kyocera KX414, LG vx8300, LG Voyager, Droid X Retired, Galaxy Nexus Custom Moto X
Carrier: Not Provided

Thanks: 92
Thanked 96 Times in 82 Posts
Default

I would report that to Google.
__________________
I am a servant of the Secret Fire, wielder of the flame of Anor. The dark fire will not avail you, flame of Udn.

How to SBF http://www.youtube.com/watch?v=N0jrXqqiepI
GandalfTehGray is offline  
Reply With Quote
Old October 23rd, 2011, 05:07 PM   #3 (permalink)
New Member
 
Join Date: Apr 2011
Posts: 3
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 3 Times in 2 Posts
Default

I got the same notification. There's a thread on xda too.

...oh wait. Can't post links yet. Just Google this, it's the thread id:
"xda 1314702"

It's "New App pop-up from the market?"

I'd love to know what's causing this.
G.Ri is offline  
Reply With Quote
Old October 23rd, 2011, 06:05 PM   #4 (permalink)
Junior Member
 
Join Date: Oct 2010
Posts: 70
 
Device(s):
Carrier: Not Provided

Thanks: 4
Thanked 10 Times in 9 Posts
Default

Probably the AirPush Service. It's built into some apps and push advertisments to your status bar. There's an app which can detect AirPush but sometimes it will miss an app or two. Search for AirPush detector.
Check recent install apps, maybe go to the market and read reviews. If it's an app causing it peoples will leave comments about it.
titan2005 is offline  
Reply With Quote
The Following User Says Thank You to titan2005 For This Useful Post:
deemedic (August 7th, 2012)
Old October 23rd, 2011, 10:33 PM   #5 (permalink)
not really so scary
 
scary alien's Avatar
 
Join Date: Mar 2010
Location: Indy
Posts: 17,310
 
Device(s): LG Nexus 5, Samsung Galaxy Nexus, Asus Nexus 7, Moto Droid X, HTC Droid Eris
Carrier: T-Mobile

Thanks: 32,732
Thanked 14,917 Times in 7,302 Posts
Default

Quote:
Originally Posted by G.Ri View Post
I got the same notification. There's a thread on xda too.

...oh wait. Can't post links yet. Just Google this, it's the thread id:
"xda 1314702"

It's "New App pop-up from the market?"

I'd love to know what's causing this.
Welcome to the AndroidForums, G.Ri .

I was curious about this (not affected by it thank goodness), but I Googled your search term and wanted to post this link for you guys:

New App pop-up from the market? - xda-developers

Cheers!
scary alien is online now  
Reply With Quote
The Following User Says Thank You to scary alien For This Useful Post:
G.Ri (October 24th, 2011)
Old October 24th, 2011, 12:48 AM   #6 (permalink)
Member
Thread Author (OP)
 
kg6epf's Avatar
 
Join Date: Nov 2009
Location: So Cal
Posts: 199
 
Device(s): Verizon Galaxy Nexus
Carrier: Not Provided

Thanks: 51
Thanked 137 Times in 56 Posts
Default

The first thing I tried was the Airpush detector since it seemed similar to their tactics. Airpush detector shows negative.

The other threads are trying to narrow down a possible culprit and lots of talk about it being Angry Birds, but I don't even have that installed (once upon a time yes, but SBF'd many times since).

The only apps in common at this point seem to be:

titanium backup (I have Pro so I'd be shocked if that was it)
Adobe flash player 11
Soundhound
Facebook

Soundhound would be my best guess.

Nice to see that there are some other folks working on figuring this out. Until it does, please be wary of pushed app notifications.
kg6epf is offline  
Reply With Quote
Old October 24th, 2011, 07:57 AM   #7 (permalink)
not really so scary
 
scary alien's Avatar
 
Join Date: Mar 2010
Location: Indy
Posts: 17,310
 
Device(s): LG Nexus 5, Samsung Galaxy Nexus, Asus Nexus 7, Moto Droid X, HTC Droid Eris
Carrier: T-Mobile

Thanks: 32,732
Thanked 14,917 Times in 7,302 Posts
Default

Quote:
Originally Posted by kg6epf View Post
titanium backup (I have Pro so I'd be shocked if that was it)
Adobe flash player 11
Soundhound
Facebook

Soundhound would be my best guess.

Nice to see that there are some other folks working on figuring this out. Until it does, please be wary of pushed app notifications.
Yeah, I've got TiBu (Pro) and Adobe Flash, of course, but not the others (I'm guessing I have Facebook but have never launched it).
scary alien is online now  
Reply With Quote
Old October 24th, 2011, 06:47 PM   #8 (permalink)
Member
Thread Author (OP)
 
kg6epf's Avatar
 
Join Date: Nov 2009
Location: So Cal
Posts: 199
 
Device(s): Verizon Galaxy Nexus
Carrier: Not Provided

Thanks: 51
Thanked 137 Times in 56 Posts
Default

No luck in tracking down the source yet. XDA folks seem to be looking into it and got a response, but it still doesn't say how it's happening.

Quote:
Hi,
Thanks for your feedback and sorry for any inconvenience caused.
We are cooperating with a 3rd party promotion platform which agrees to advertise our app. We are sorry that their method of promoting our app make you uncomfortable and we have already told them to stop adopting this advertising method.
If you do have further more questions or suggestions, please feel free to contact us.
Looking forward to your reply!
--
Best regards,
Task Killer Team
kg6epf is offline  
Reply With Quote
Old October 24th, 2011, 10:19 PM   #9 (permalink)
New Member
 
Join Date: Apr 2011
Posts: 3
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 3 Times in 2 Posts
Default

Just popped in from xda to give you guys what little info we have. Looks like you're on top of it though. That's a quote from my email up there. Waiting on a reply from the Mobo team, and I'll be sure to fill you all in if I get more info. I don't really know where else to look for clues about this. Soundhound is getting a lot of fingers pointed at it. I have infinity (paid version) though, so I'd be extremely disappointed in them if that's who pushed it.

EDIT: Looking through this thread and xda, I realized that the only app that everyone effected has in common is Flash 11. And I seriously doubt that has anything to do with it. Dead end?
G.Ri is offline  
Last edited by G.Ri; October 24th, 2011 at 10:34 PM.
Reply With Quote
The Following 2 Users Say Thank You to G.Ri For This Useful Post:
Android Al (October 24th, 2011), kg6epf (October 25th, 2011)
Old October 25th, 2011, 08:20 AM   #10 (permalink)
Fixing stuff is not easy
 
Join Date: May 2011
Location: Over there <points>
Gender: Male
Posts: 7,690
 
Device(s): Samsung Galaxy S3; Asus Infinity
Carrier: Sprint

Thanks: 2,117
Thanked 4,313 Times in 2,513 Posts
jerofld
Default

Here's something to ask:

Do all of you that have this problem have "Unknown Sources" checked in your Applications settings? A lot of you are also rooted, because Titanium Backup is mentioned a lot.

How much web browsing do you do? Do the websites offer to install the Android app of that webpage for you?

A webpage may be backdooring an app onto your Android, and you may not be any wiser because it's being installed through a browser. I know these things generally alert us. But with SuperUser being borked the last week or so and if the OS wasn't preventing outside apps from installing...it could have been the perfect storm. And I doubt Lookout is designed to look at /system too hard.

So, if you're rooted, I'd suggest you get an app like Autostarts (or a free equivilant) and see what apps are loading on boot. Because I am willing to bet that this has creeped into your /system/app folder. If you're not rooted, I'd recommend you download https://market.android.com/details?id=com.joeykrim.rootcheck and see if something back door'd a root exploit onto you without your knowledge. If you are rooted when you shouldn't be, back up what you need and factory reset. If you're already rooted, try using the autostarts or whatever and report what it is to Google.
jerofld is offline  
Reply With Quote
sponsored links
Old October 27th, 2011, 07:50 AM   #11 (permalink)
Junior Member
 
Join Date: Jan 2010
Posts: 40
 
Device(s): Motorola Droid 3, Motorola Droid
Carrier: Not Provided

Thanks: 19
Thanked 4 Times in 4 Posts
Post

So, I received a green star notification for a "Free Macbook Pro" for the first time, this morning.

Here's the underlying URL (copyed into my PC's browser):
http://ad.leadboltapps.net/clk?pf=2&ad_id=32645&section_id=863051297&dev=fI-oSjrAlyeJ2ijuBs6oDOgh7XONpI9p1Qvr-jJV5Z2jHF8LaH0d398oBBuF3hia9qB3Q5al89_mV-bFhlj6EXnzmtlrLYOdeEi8_C35mfZJE_Dnn37iJ2EPSmea09Mx pVNB5l63blf5QhatrU84NUROKLUkcwiUlNa1KjS4O80~

Which produced this link (blocked by work's firewall as a "Malware site"):
http://click.jve.net/ez/cksekqpkinkzx/&subid1=191140&subid2=10_106018820_5dbeaa97-b015-4764-a207-02e35dc164dc&subid3=10027681

Maybe this'll be helpful to the xda guys.


Unfortunately, my phone updated about 6 apps last night and since the New-&-Improved Market no longer displays My Apps chronologically (in order of updates), I don't know which one is the culprit. (Anyone know how to pull this info out?)

I also installed the free 'OfficeSuite Pro' from Amazon, yesterday.

When I get home, I'll grab the Airpush detector & Autostarts.
Ricochet is offline  
Reply With Quote
Old August 7th, 2012, 07:20 AM   #12 (permalink)
Junior Member
 
deemedic's Avatar
 
Join Date: Aug 2010
Location: Pikesville, MD
Posts: 39
 
Device(s): Droid X
Carrier: Not Provided

Thanks: 19
Thanked 5 Times in 3 Posts
Send a message via ICQ to deemedic Send a message via AIM to deemedic Send a message via MSN to deemedic Send a message via Yahoo to deemedic Send a message via Skype™ to deemedic deemedic@gmail.com
Default

happened to me and thanks to this thread and the air-push detector I found the app that caused it and uninstalled it.

Hopefully this is the end of it.
deemedic is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Phones > Motorola Droid X > Droid X - Support and Troubleshooting
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 12:31 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.