
Support Can I replace the bootloader (fastboot)? I think mine's got malware!

Discussion in 'Android Help' started by LozHensel, Apr 11, 2016.

  1. LozHensel

    After my trials and tribulations reported in this thread and this thread I think I may have found the cause of the problem and it's not pretty!

    This article suggests there is a new breed of malware that, if I'm reading it right, can infect the bootloader itself! I don't think I've got one of the three mentioned there specifically (though I might have) but I think I've got something similar.


    Just to reiterate my specs, if they're relevant, I have an iNew L4 running Android 5.1 on Giff Gaff (which always detects as O2 for some reason) in the UK. It's not a phone supported by CyanogenMod... well... anything really, so compiling CyanogenMod or Android Open Source Project (AOSP), or Ubuntu Touch or something like that is by no means a certainty! The manufacturers unhelpfully do not have a publicly downloadable ROM either.

    So can I somehow flash fastboot (I'm expecting it'll be a scary dd command to a usb port...)? If I compile CyanogenMod or something will it compile fastboot for the device or just for the desktop? Is it even possible?

     


  2. El Presidente

    You can't get malware that infects bootloaders so it's not that.

    Are you absolutely sure the firmware you're trying to install from the needrom site is legit?

    You're rooted yeah? Have you tried using a system file manager (root explorer) to remove the infection manually?
     
    Hadron likes this.
  3. LozHensel

    I'm not 100% certain it's legit, but the virus scanner (AVL - other scanners don't seem to scan /system and don't detect anything wrong at all) is reporting the same virus name as before (android.waps.a) and the symptoms are the same. This happened before I rooted it*.

    It is rooted now though (well it has been, I've flashed it again since then!). The problem is the apk that is showing as infected is LQLauncher3.apk, which from what I can figure out basically runs the user interface, so removing that is unlikely to be helpful. I haven't tried digging around inside the apk, actually. That's an idea. Is that what you meant?

    Actually, if I were to install another launcher, and then delete the default one...

    If that doesn't work then I probably *do* need to roll my own just to be sure, don't I?

    * I suspect it happened when I enabled installing apks from other sources for some Android games I bought off Humble Bundle, but I don't really know - another article on the same topic suggests some infected apps made it into the Play store!
     
  4. Hadron

    As El Pres says, you can't infect the bootloader. There are rootkit trojans that can infect the ROM though, which is what that article is about (unlikely to meet these if you install apps from the Play Store, but tread carefully if you go to random download sites). Frankly if the built-in launcher is infected I'd think it more likely it was infected out of the box than that the Humble Bundle contained malware.

    So replacing the ROM would fix one of these, but don't underestimate the effort needed to build CM for a device nobody else supports. Also fastboot isn't something you flash to the phone or compile, it's a utility that can be used to flash images to partitions on the phone (if you have an unlocked bootloader).

    GiffGaff don't have a network of their own, they just buy airtime off O2 and resell it. So my guess is that your device just doesn't know about GiffGaff and so is just identifying the network that they are piggy-backing on instead.

    As for replacing the launcher, I'd advise you to install the new one as a system app (e.g. use Titanium Backup to change it to a system app) and make sure it is working (including after a reboot) before you think about removing the existing launcher. If you just install a new launcher, remove the old one, and then do a factory reset for any reason you'll find yourself with no launcher at all.
     
    LozHensel and El Presidente like this.
  5. El Presidente

    Which Humble Bundle did you get? They're something I always pick up and I've never had any issues with any of them.

    The install files are also directly from the game developers so it's unlikely they're infected.
     
    LozHensel likes this.
  6. LozHensel

    It looks like it was called "Humble PC and Android Bundle 13"

    edit: I apparently got it around August the 19th 2015. I don't think I ever disabled the options to install third party apks though, so that could have been the contamination vector even if it wasn't Humble Bundle itself.
     
  7. El Presidente

    I'll check and see if that one is in my catalogue. I'm rooted with a custom recovery and can easily restore to stock if Humble is the problem (tomorrow though, it's kinda late) :)
     
  8. LozHensel

    That's brave! It is kinda late, I should probably go to bed too
     
  9. LozHensel

    It works!

    Replacing the launcher worked! I've gone with Buzz Launcher because I have, mostly, and deleted LQLauncher3. It seems to be gone. Let's hope it stays that way!

    Huge thanks to everyone - you've all been a huge help!
     
    El Presidente and Hadron like this.
  10. El Presidente

    Nova is another very popular (and very good) alternative if you want to give that a go.

    I also liked Smart Launcher 3.

    Glad you're sorted though! :)
     
    LozHensel likes this.
  11. LozHensel

    I'll take a look at them. Thank you.
     
