  kg6epf

    I've had my phone for a year and nothing like this has ever happened to me before.

    I just had a pop up in the notification bar about a new app. Not an update to one I already have, but the Market logo saying there is a new app to download.
    Curious, I take a look and it opens me into the Android Market to download "Mobo Task Killer Pro" (no, I don't use any task killers and am not trying to start up that debate again). So I start to wonder if this was some new official Google thing (it's not) and I look into it a bit deeper. I didn't download but looking into it I find it curiously has all these positive reviews which I find odd due to the ongoing Task Killer debate, but that's not what this post is about. Taking a look at the permissions I see lots of stuff that I'd question, like why it would need access to be able to create network sockets and Bluetooth connections.

    I'm wondering how this app download was pushed to my phone? I wasn't using my phone at all and it had been sitting idle all morning. Seems sort of reminiscent of the "Airpush" ads debacle but in any case I'm not thrilled with an app download being pushed to my phone. Worse than that, I hate to think that someone is trying to push out malware. Maybe I'm just paranoid, but either way, I don't like it.

    Below is the list of permissions it wants.

    Allows an application to create network sockets.
    Allows an application to view configuration of the local Bluetooth device, and to make and accept connections with paired devices.
    Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
    Allows an application to write to the USB storage. Allows an application to write to the SD card.
    Allows an application to configure the local Bluetooth device, and to discover and pair with remote devices.
    Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
    Allows an application to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.
    Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.

  GandalfTehGray

    I would report that to Google.
  G.Ri

    I got the same notification. There's a thread on xda too.

    ...oh wait. Can't post links yet. Just Google this, it's the thread id:
    "xda 1314702"

    It's "New App pop-up from the market?"

    I'd love to know what's causing this.
  titan2005

    Probably the AirPush Service. It's built into some apps and pushes advertisements to your status bar. There's an app which can detect AirPush but sometimes it will miss an app or two. Search for AirPush detector.
    Check recently installed apps, maybe go to the market and read reviews. If it's an app causing it, people will leave comments about it.
  scary alien

    Welcome to the AndroidForums, G.Ri :).

    I was curious about this (not affected by it thank goodness), but I Googled your search term and wanted to post this link for you guys:

    New App pop-up from the market? - xda-developers

  kg6epf

    kg6epf Well-Known Member

    The first thing I tried was the Airpush detector since it seemed similar to their tactics. Airpush detector shows negative.

    The other threads are trying to narrow down a possible culprit and lots of talk about it being Angry Birds, but I don't even have that installed (once upon a time yes, but SBF'd many times since).

    The only apps in common at this point seem to be:

    titanium backup (I have Pro so I'd be shocked if that was it)
    Adobe flash player 11

    Soundhound would be my best guess.

    Nice to see that there are some other folks working on figuring this out. Until it does, please be wary of pushed app notifications.
  scary alien

    scary alien not really so scary Moderator

    Yeah, I've got TiBu (Pro) and Adobe Flash, of course, but not the others (I'm guessing I have Facebook but have never launched it).
  kg6epf

    kg6epf Well-Known Member

    No luck in tracking down the source yet. XDA folks seem to be looking into it and got a response, but it still doesn't say how it's happening.

  G.Ri

    G.Ri New Member

    Just popped in from xda to give you guys what little info we have. Looks like you're on top of it though. That's a quote from my email up there. Waiting on a reply from the Mobo team, and I'll be sure to fill you all in if I get more info. I don't really know where else to look for clues about this. Soundhound is getting a lot of fingers pointed at it. I have infinity (paid version) though, so I'd be extremely disappointed in them if that's who pushed it.

    EDIT: Looking through this thread and xda, I realized that the only app that everyone affected has in common is Flash 11. And I seriously doubt that has anything to do with it. Dead end?
  jerofld

    jerofld Fixing stuff is not easy VIP Member

    Here's something to ask:

    Do all of you that have this problem have "Unknown Sources" checked in your Applications settings? A lot of you are also rooted, because Titanium Backup is mentioned a lot.

    How much web browsing do you do? Do the websites offer to install the Android app of that webpage for you?

    A webpage may be backdooring an app onto your Android, and you may not be any wiser because it's being installed through a browser. I know these things generally alert us. But with SuperUser being borked the last week or so and if the OS wasn't preventing outside apps from could have been the perfect storm. And I doubt Lookout is designed to look at /system too hard.

    So, if you're rooted, I'd suggest you get an app like Autostarts (or a free equivalent) and see what apps are loading on boot. Because I am willing to bet that this has crept into your /system/app folder. If you're not rooted, I'd recommend you download and see if something back door'd a root exploit onto you without your knowledge. If you are rooted when you shouldn't be, back up what you need and factory reset. If you're already rooted, try using the autostarts or whatever and report what it is to Google.
  Ricochet

    Ricochet Active Member

    So, I received a green star notification for a "Free Macbook Pro" for the first time, this morning.

    Here's the underlying URL (copied into my PC's browser): pVNB5l63blf5QhatrU84NUROKLUkcwiUlNa1KjS4O80~

    Which produced this link (blocked by work's firewall as a "Malware site"):

    Maybe this'll be helpful to the xda guys. :confused:

    Unfortunately, my phone updated about 6 apps last night and since the New-&-Improved Market no longer displays My Apps chronologically (in order of updates), I don't know which one is the culprit. (Anyone know how to pull this info out?)

    I also installed the free 'OfficeSuite Pro' from Amazon, yesterday.

    When I get home, I'll grab the Airpush detector & Autostarts. :mad:
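Ricochet's question about ordering apps by update time and jerofld's suggestion to check /system/app can both be answered from the package manager's own records. This is an added example, not part of any post in the thread: it parses text in the layout printed by `adb shell dumpsys package` and lists packages newest update first, marking anything under /system/app and any of the permissions kg6epf listed. The sample dump is constructed and simplified, the package names are made up, and the permission names are an assumed mapping from the descriptions in the first post.

```python
import re
from datetime import datetime

# Assumed mapping: permission names behind the descriptions in the first post.
WATCHED = {"INTERNET", "BLUETOOTH", "BLUETOOTH_ADMIN", "READ_LOGS",
           "WRITE_EXTERNAL_STORAGE", "WRITE_SYNC_SETTINGS",
           "CHANGE_WIFI_STATE", "WRITE_SETTINGS"}

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE = """\
Package [com.example.notes] (40a1b2c3):
    codePath=/data/app/com.example.notes-1.apk
    lastUpdateTime=2011-09-02 18:20:11
    grantedPermissions:
      android.permission.WRITE_EXTERNAL_STORAGE
Package [com.example.wallpaper] (40d4e5f6):
    codePath=/data/app/com.example.wallpaper-2.apk
    lastUpdateTime=2011-10-24 23:41:07
    grantedPermissions:
      android.permission.INTERNET
      android.permission.READ_LOGS
      android.permission.WRITE_SETTINGS
Package [com.example.helper] (40778899):
    codePath=/system/app/Helper.apk
    lastUpdateTime=2011-10-20 03:12:45
    grantedPermissions:
      android.permission.INTERNET
"""

def review_order(dump):
    """Return (package, last update, in /system/app, watched perms), newest first."""
    rows = []
    for block in re.split(r"^\s*Package \[", dump, flags=re.M)[1:]:
        name = block.split("]", 1)[0]
        path = re.search(r"codePath=(\S+)", block)
        stamp = re.search(r"lastUpdateTime=([\d-]+ [\d:]+)", block)
        if not stamp:  # entry without a timestamp cannot be ordered; skip it
            continue
        updated = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        in_system = bool(path) and path.group(1).startswith("/system/app/")
        perms = sorted(set(re.findall(r"android\.permission\.(\w+)", block)) & WATCHED)
        rows.append((name, updated, in_system, perms))
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for name, updated, in_system, perms in review_order(SAMPLE):
        print(updated, name, "SYSTEM" if in_system else "user", ",".join(perms))
```

To run it against a real device, save the output of `adb shell dumpsys package` to a file and pass its contents to `review_order`; field names can differ between Android versions.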
  deemedic

    deemedic Active Member

    Happened to me, and thanks to this thread and the air-push detector I found the app that caused it and uninstalled it.

    Hopefully this is the end of it.

