MSPSS: is there life after the helpdesk?

sharing solutions to uncommon IT problems


Buying an Android S4 Clone… not my best idea! Malware all over, tough to remove



A couple of months ago I said to myself: why spend 550 euro to buy a Samsung S4 when you can get the same software and very similar hardware for ~200?

So I went on Amazon and I bought this shiny, Chinese made new phone that looked exactly like an S4 (the model in this case was the HT-9500 but these clones are all the same).

The hardware and screen are great, although the power button came off approx. 2 months after I bought it… but that was not the real turn-off. The biggest annoyance was some recurring ads and random Chinese apps installed without my consent, whose provenance I couldn’t trace.

At first I lazed around, trying to get it cleaned up using mainstream antivirus apps like AVG, Avast and Lookout… The last two didn’t even notice anything wrong; AVG at least was able to identify a malicious “Play Store” which closely resembled the genuine “Google Play Store”.
I tried removing it through the AV console and the “manage apps” menu without luck: in both cases I got an error saying “uninstall unsuccessful”.

A quick Google search for the “Play Store” filename, uuplay.apk, returned a few articles on how this malware spreads.

To remove it, you will have to root your Android (FYI: rooting an Android mobile means enabling the all-powerful root user, thus granting you special powers, such as deleting system files… and our uuplay.apk is marked as a system file).

Info: Rooting, and this is only my understanding, is nothing more than connecting from your computer to Android with an app called ADB and pushing 3 apps (busybox, pwn and su) to the device. Those apps will then allow the user to take full control of the phone.

Now, rooting my Android device was not as easy for me as I had expected from reading several articles, but this could be due to the fact that I was trying to use my Win7 VM running under VMware Fusion (on Mac).

No matter what rooting kit I used, or which ADB drivers I installed, the script would always fail with an “Access Denied”. For your reference, here are the rooting kits and drivers I tried out:
Rooting kits: SuperOneClick, mt6589_rooter, Motochopper_Auto_Root
ADB Drivers (you need these to connect and push the apps): “adt-bundle-windows-x86_64-20130917”

In the end, I managed to root it by doing it directly from the Mac. The procedure in that case was fairly simple: install the Android SDK and the platform-tools with it… The platform-tools come with ADB. After that I copied the contents of Motochopper_Auto_Root into that same folder and executed ./run.sh from the terminal.
It failed the first time as it couldn’t find the 3 apps, but once I placed them where the script said it was looking for them, it worked like a charm.

As my mobile was officially rooted, I proceeded to the cleanup:
I installed an app, “ES File Explorer”, which allows browsing and deletion of files (even system files) using root powers (but you have to enable “root explorer” in the application settings).
Then I browsed /System/Apps and found my precious uuplay.apk and deleted it (one of the articles on the subject mentioned 2 more files but I only found the one).

The phone seems clean now, but with malware we never really know; I’ll keep you posted.

HTH,

Roberto.
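
The post's uuplay.apk resisted a normal uninstall because it sat among the system apps. As an added example (not part of the original post), this script triages the output of `adb shell pm list packages -f` for such APKs; the sample listing, the baseline and every package name other than com.android.vending and com.android.settings are constructed assumptions.

```shell
#!/usr/bin/env bash
# Triage `pm list packages -f` output: one "package:<apk path>=<package name>" per line.
# On a device the input would come from:  adb shell pm list packages -f

# APK file names to flag; uuplay.apk is the one named in the post.
WATCHLIST="uuplay.apk"
# Hypothetical baseline of package names expected on the system partition.
BASELINE="com.android.vending com.android.settings"

# Constructed sample listing; every name except com.android.vending
# and com.android.settings is invented for the example.
sample_listing() {
cat <<'EOF'
package:/system/app/Phonesky.apk=com.android.vending
package:/system/app/uuplay.apk=com.example.fakestore
package:/data/app/com.example.game-1.apk=com.example.game
package:/system/app/Settings.apk=com.android.settings
package:/system/app/AdPush.apk=com.example.adpush
EOF
}

# Reads a listing on stdin, prints "<verdict> <path> <package>" for each flagged APK.
triage_listing() {
  tr -d '\r' | awk -v watch="$WATCHLIST" -v base="$BASELINE" '
    BEGIN {
      n = split(tolower(watch), w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1
      n = split(base, b, " ");           for (i = 1; i <= n; i++) known[b[i]] = 1
    }
    /^package:/ {
      line = substr($0, 9)                     # drop the "package:" prefix
      pkg = line; sub(/.*=/, "", pkg)          # package name follows the LAST "="
      path = substr(line, 1, length(line) - length(pkg) - 1)
      file = tolower(path); sub(/.*\//, "", file)
      onsys = (path ~ /^\/system\//)           # system partition: needs root to delete
      if (file in bad) {
        v = onsys ? "WATCHLIST-SYSTEM" : "WATCHLIST-USER"; print v, path, pkg
      } else if (onsys && !(pkg in known))
        print "UNKNOWN-SYSTEM", path, pkg
    }'
}

# Exit status 0 when nothing is flagged, 1 otherwise.
listing_is_clean() {
  [ -z "$(triage_listing)" ]
}

sample_listing | triage_listing
```

The `tr -d '\r'` step is there because `adb shell` on older Android releases returns CRLF line endings, which would otherwise end up in the package name.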

Written by zantoro

October 13, 2013 at 9:00 pm

Posted in Android
