Android malware: "Magic" ("AndroidScanner1.bad") and "Settings"

  • 14 February 2019
  • 5 replies
  • 375 views

Userlevel 1
Badge +3
My Android cellphone (Stylo F1) is being repeatedly infected with malware. There appear to be 2 related malware "apps": "Magic" and "Settings". I have Webroot Secure Anywhere Mobile installed on this phone with all the recommended settings set. Webroot finds and identifies both "apps" and quarantines them both, but they keep on returning even after Webroot has deleted them. I have tried a clean factory reset/reinstall but the two malware apps returned immediately. After the factory reset Webroot immediately found "Magic", but not "Settings". Webroot quarantines "Magic" and asks me to delete it, which I do, but it keeps returning. Webroot identifies "Magic" as "AndroidScanner1.bad". Magic autonomously opens the Google Chrome browser and links to a random website but will not allow the phone to respond to any commands thereafter. The malware called "Settings" is particularly troublesome because it plays havoc with the phone's settings and it looks identical to the standard "Settings" app on the Android app list, although the file size is different (smaller). I do have a 32GB SD card fitted into the phone so it's possible the malware has infected that too, which is how they return immediately after a factory reset/reinstall. I do not know how to get Webroot to scan the SD card for malware, or whether it routinely scans the SD card anyway.

Can you please advise what steps I should follow to permanently remove this malware and prevent it from returning?


Userlevel 3
Badge +6
A few quick questions: did you happen to download any games or apps before all the malware started showing up? If so, did they ask you to download an additional app, or simply not work at all? Did you download anything that seemed to disappear afterwards? I know Google has been removing a lot of games & whatnot that were malware downloaders. I'm wondering if you might've given some app a permission that it might be exploiting. Also, try removing the SD card after you reset. If nothing pops up you'll have your answer.
Userlevel 1
Badge +3
Thanks for the reply.

"...did you happen to download any games or apps before all the malware started showing up?" Yes, as it happens, I downloaded the Android app for Uber (the full app, not Uber Light) from the Google Play Store. If I recall correctly, it didn't work properly so I deleted it and downloaded Uber Light in its place. That seems fine and I still have it. I don't recall what permissions I granted to Uber (or Uber Light) but I do remember thinking that it looked like it wanted the whole 9 yards...the malware invasion started almost immediately afterwards.
Userlevel 3
Badge +6
Well, if/when you reset your phone DON'T reinstall the Uber stuff. Hopefully that'll be the end of it & your phone will function as normal. Also, if things are fine afterwards, do everybody a favor & report the apps to Google so they can clean house again. Antivirus & anti-malware apps can't take the place of due diligence. Just gotta use them together. Good luck.
Userlevel 1
Badge +3
Thanks. I also logged an issue with the Webroot Technical team about this. They analysed the Webroot Secure Anywhere Mobile scan log files and determined that the malware had been installed (and was being reinstalled every time Webroot quarantined and/or deleted it) by apps pre-installed on the phone by the manufacturer. This is a feasible explanation. The phone - a Stylo F1 - is an inexpensive model that came with 4 or 5 crap-ware apps pre-installed by the manufacturer. These apps can't be uninstalled or disabled. Occasionally they caused adverts to be randomly displayed, which I was prepared to live with because the phone was so inexpensive. Obviously, the malware is another matter entirely. The phone is still under warranty so I have returned it to the manufacturer via the retailer. I'm somewhat skeptical of receiving a helpful response but let's wait and see.

Re Uber and Uber Lite: in my opinion, it is very unlikely that such popular apps, with literally thousands of downloads daily, could be infected with malware without it being detected and fixed very quickly.
Userlevel 3
Badge +6
Unfortunately, being on the Play Store and being a popular download isn't a guarantee that there's no malware present. Just look up some of the articles about the apps they removed already. They were pretty popular too. I hadn't even thought about infected bloatware, but that's happened before too. On a side note, with the preinstalled bloatware you can restrict their background data, at least for the mobile data side. Might even speed up the phone a little bit.