threat found: com.android.mms

It cant be removed as its a system app. If your wife`s phone didnt get the last definition update then she wont get the FP. If she checks for an update now she will get the latest defs which doesnt have the FP

Webroot is saying it's infected all of a sudden.  Nothing I nor Webroot Complete installed on phone have done yet has cleared the warning/possible infection.

Exact same problem found on both my wife and my phone earlier this evening. Have been troubleshooting and researching on line for at least 2 hours now and also found Tech Support already closed. We have Samsung Galaxy S-4's and up until a few hours ago we didn't have this problem. I've uninstalled and reinstalled Webroot Secure-Anywhere Complete on both phones, hoping it would prompt a new result...but no change. Found that this "Android.SmsSpy" is listed by Webroot and several other virus scanners as a Trojan Malware Messaging spyware which shows up on our threat scans as  "com.android.mms". The "F-Secure" website summarizes the threat as: SmsSpy.F is a malware that targets banking consumers in Spain, posing as an Android Security Suite application.
 
Well, suffice it to say, it's either a threat definition update that wasn't thoroughly run-through by Webroot before being deployed today, or something bigger is out there that a large number of people now have. I'm on the hold line with Sales to try and get a human-being that I can notify of this potentially high-risk threat...either high-risk to the user, or high-risk to the Webroot company because of the trouble it is now causing many customers...who may opt to use competitive software after this if Webroot doesn't get this under control ASAP. With luck, my already 15 minutes on hold will end with an empathetic and professional agent that will see the value in contacting some on-call technical support personnel to tackle this. I'll update again if a human-being finally answers and we get anything new. Thanks. Paul - Tampa

I just got the notification as well. Won't uninstall because of messaging app. Hopefully it was a false positive and an update on a definition that was missed. I ignored it 😕 .... I HOPE it is nothing big or an actually spyware. I totally just put my GF through 21 questions asking if she installed a sms spyware onto my phone hahahaha....glad I'm not the only one going through this. ***crossing fingers in a definition problem and a false positive***

@BB613 wrote:

@ wrote:
GZOne Commando w Android keeps getting a spyware threat for Android Messaging app which I can't uninstall or keep Webroot for flagging. I also cannot use my messaging app because the shield pops up.

Welcome to the community.
 
I suggest you contact information to Tech Support by submitting a support ticket. They will be able to help you out.
 
Please do let us know what they say and come back often and share your experiences!
 
Beth

There is no need to contact support as they already know about the issue and it will be fixed in the next 24 to 48 hours.
 
From Support:
 
Hello,

Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.

It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!

Regards,

The Webroot Mobile Threat Research Team

It just happened to me too!  You posted seconds before I did.  Glad to know I'm not the only one...I guess.  But this is disturbing.  It's a tracking program from what I found from searching on the web.

Got the same message back from Tech Support.  Only thing kind of suspect is I got the reply a mere second or two after I submitted it.  Hope it's not just a blanket auto-reply for all false positive submissions. 

I contacted technical support and recieved an automated message that stated it is a false positive that will be fixed in 24-48 hours.  If you go into Application Manager and look at the messaging app info, you can clearly see that this app tracks your location and reads all your messages.  So even when this "bug" is fixed, you still will be tracked.  I guess just a lot more people are aware of it now! :8

Same here. Just woke up from a nap and threat keeps coming up on my messages. WTF?

I do hope everyone has seen the solution/report from tech support posted by TripleHelix and arholland84.
 
I see that many new members have received the same mesage from Webroot on their Android phone. I would like to thank all of you for sharing that information with us.
 
Welcome to the community ypekhman, albuchs, RKSJBeck, LGP, rocke06, nwalden,  napierite, tl97, tblairmaylee, boochman123, nathanedwards810, Bearle, albuchs, rocke06, tholland38, OKSooner1,
gbn08, mcgyyvr,  and aimeehart!
 
I hope I did not leave anyone out
 
Please do come back often and share your experiences. Thats what its all about, sharing experiences, learning from one another and helping each other out!
 
See all of you around in the community!
 
Beth
 
 

I have read through all of the pages of this thread up to thus far, but I have not gone through the other related threads.  I'm far from an expert on WebRoot and also must admit that aside from the contents of this thread I have relatively little knowledge of this situation other than my own experience.  Please forgive me for any lack of knowledge I may have on the subject.  So, just as I suspected when this popped up on my phone it is a false positive.
 
Not really saying anything that anyone else hasn't said so far; however, here are my thoughts on this issue.  I know I would (and I'm guessing at least a few others would) have liked to have had some form of official comunication out reach from Webroot notifying about the issue.  An e-mail to users with a registered Android device or even some type of in app notification pushed out would have been very valuable to me.  I know I was really worried and confused for at least a few hours as I was unable to really research the issue to find out what it was about.  To top it all off I was in the middle of a semi-important text conversation when the alert came in.  Another thing I would have found invaluable would have been for the app to provide more information on the infection than just a name.  Maybe a brief description and the location of the infected files to help me understand the nature of the infection.
 
Don't get me wrong these are not meant to be viewed as complaints.  These are intended to be viewed as suggestions or improvements that would perhaps make a situation like this better in the future.
 
I'm sure WebRoot will have the situation handled shortly, but in the mean time it is not too late to send out that message and help those that may still be out of the loop on the situation.
 
Now, perhaps this has already happened or is already available.  If so please disregard that part of this post.

@ wrote:
I have read through all of the pages of this thread up to thus far, but I have not gone through the other related threads.  I'm far from an expert on WebRoot and also must admit that aside from the contents of this thread I have relatively little knowledge of this situation other than my own experience.  Please forgive me for any lack of knowledge I may have on the subject.  So, just as I suspected when this popped up on my phone it is a false positive.
 
Not really saying anything that anyone else hasn't said so far; however, here are my thoughts on this issue.  I know I would (and I'm guessing at least a few others would) have liked to have had some form of official comunication out reach from Webroot notifying about the issue.  An e-mail to users with a registered Android device or even some type of in app notification pushed out would have been very valuable to me.  I know I was really worried and confused for at least a few hours as I was unable to really research the issue to find out what it was about.  To top it all off I was in the middle of a semi-important text conversation when the alert came in.  Another thing I would have found invaluable would have been for the app to provide more information on the infection than just a name.  Maybe a brief description and the location of the infected files to help me understand the nature of the infection.
 
Don't get me wrong these are not meant to be viewed as complaints.  These are intended to be viewed as suggestions or improvements that would perhaps make a situation like this better in the future.
 
I'm sure WebRoot will have the situation handled shortly, but in the mean time it is not too late to send out that message and help those that may still be out of the loop on the situation.
 
Now, perhaps this has already happened or is already available.  If so please disregard that part of this post.

Welcome seven_7_vii_th
 
I missed your post yesterday and appreciate your feedback as well! I agree that an email would be helpful in these security issues! Maybe you could put this in our Ideas Exchange Here
 
Hopefully all this was sorted out for you! Please don't don't be a stranger and join in the Forum for we learn alot and we do have fun!
 
Thanks Again,:D

Thats isnt how it works, its not a blanket whitelist of all messenging apps or that application. If the application gets an update and thus changes that ignore setting wont apply any more.