This happens constantly when I try to browse, as I open apps, whatever, up pop the ads totally interrupting my use of the device. It worked fine for about 6 months, then all of sudden these pop up ads started appearing for g21news stories, tarot card readings, just a bunch of B.S. Have an Assurance Wireless U693CL that I got in July 2020. These malwares are so active, evasive and heavy, they render the phone completely useless, which is just super sad, especially during COVID when people really need their phone and internet. Last note, while these phones use low-end chipset from Qualcomm, like the 210/215 used in the U693CL, they are actually very capable chipset and can be a very suitable and functional modern entry-level phone for the low-income lifeline users and their day to day needs. I agree with the author of various post from Malwarebytes, there appears to be a break or vulnerability in UMX's software development custody to allow this to happen relatedly, and to both U683CL and now U693CL. I have done multiple soft/hard factory restore, and after the phone downloads the latest security updates, it would be back to the same situation with these malware, hijack and ad redirect.įrom these info, I am inclined to believe Assurance is not the main culprit but it's extreme careless or have no expert inhouse to monitor or address these problems. Servers seem to be hosted on systems with IP address serviced or registered through Alibaba, Tencent, or one of the other Chinese internet powerhouses. Domain names are all registered with China-based domain registrars. I logged the IP traffics and EVERY, I mean EVERY hijacked browser redirect or pop up ad that mask the screen are hosted by IP addresses in China. This happens when the phone is not touched or used, so some code is executing all these malicious behavior. In addition, there has been frequent Google Play Protect notifications indicate it found an app or blocked an app from being installed that was deem malicious. The phone system snapshot I took shows the update somehow changed the apk name and re-install re-enable it. Back at that time, the hijacked sites and pops were various game sites. Before the recent security update, that apk was called "Topic" app, I had it disabled and uninstalled via ADB shell commands. The g21news hijack was triggered by the "TopicNews" app. It acts as a backdoor to execute code that would otherwise subject to some Android OS level restrictions and it invokes APIs only true developers would know. It may seen like it cleaned off some malware but in reality, it activates another one but in dormant state. After 3 UMX security updates, and based on behaviors I saw and tracked, I am certain the Android Security updates pushed out by UMX has weakness/vulnerabilities. I implemented some tools from the previous rounds to shutdown and clean off these malware pushes. I am dumbfounded why Assurance and UMX allow this to continue to happen. I have been helping a family friend, a senior, with solving this exact issues on the U693CL. I work in the technical field of smartphones, including Android, so I have more than sufficient technical knowledge. We've been working on the UMX U693CL viruses in this thread: I think you may need to get to the most current update and then your phone will be virus free at least for now. If you get a new phone or do a factory reset the phone will update, but it may be several updates behind so you may have to go through the update process to manually check for updates and let them install two or three times until it says that you have the most current version. I had the virus in Dec/Jan, but then an update took it away so it seems that my phone has been virus free for the past few months. Several times UMX cleared the viruses off the phones with an update, but after a few months a new virus appeared. If you disable, you will lose functionality of that part of the system which may or may not be an issue. The UMX phones from Assurance (mine too) have had viruses on and off for the past couple years that are usually factory installed in system apps that can be disabled but not removed. I'm ok when it comes to phones but need someone to help walk me through. I've also noticed that I'm getting new pages in new tabs that are ads for games. I change it constantly, it always goes right back. G21 news is constantly popping up as my homepage. I have an assurance wireless umx, model U693CL. Endpoint Detection & Response for Servers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |