Malicious software (Trojan?) on Utopia M802/IMX515

drmattp

Member
Feb 12, 2011
4
0
Hello,

I purchased a Utopia M802/IMX515 from AliExpress. It came with a build dated 2011.01.01. I immediately installed the XAUMOD firmware on it, but I'm not sure which of these firmwares is responsible for the following program...

There is a program that hides from all task managers, but is visible in Settings -> Applications -> Manage Applications -> All.

At the very bottom is a strange Chinese app:

6jepz9.jpg


It has some fairly intrusive permissions:

ilf481.jpg



Does anyone have any idea what this program is? The 'uninstall' option is greyed out - how would I go about finding this program and uninstalling it?

Many thanks,
Dr Matt

feverhost

Super Moderator
Staff member
Nov 26, 2010
868
48
I have a tablet that has the same thing.... a bit alarming. Can anyone give some light?
 

drmattp

Ahhhh... thanks for that! I can rest easy now.

Thanks for a great firmware - it runs very well.
 

drmattp

I gotta say - there is still something quite weird about that app. It says version 2.2, but Google Pinyin IME has only reached 1.3.2.

I installed Google Pinyin IME from the market... The installed size for that app is around 5.5 meg. The installed size for this weird app is only 149 kb.

Most worrying of all, the permissions of this weird app don't match the official Market app. This weird app has access to "Your accounts" which the official Market app doesn't.

Sorry to harp on about this, but anyone care to lay my concerns to rest? Are these permissions sufficient to send my Gmail password to some Chinese server?
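
The comparison made in the post above (a preinstalled app requesting permissions that the official Market app does not) can be scripted. This is an added example, not part of the original thread: it assumes each APK's permissions were saved with `aapt dump permissions <apk>` from the Android SDK, and the sample dumps, package names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list permissions an APK requests beyond a trusted baseline.
# Inputs are saved outputs of `aapt dump permissions <apk>` (Android SDK).
LC_ALL=C; export LC_ALL

# Print the requested permission names, one per line, sorted.
# Handles both aapt styles: "uses-permission: X" and "uses-permission: name='X'".
list_perms() {
    sed -n 's/^uses-permission: *//p' "$1" |
        sed -e "s/^name='//" -e "s/'.*\$//" | sort -u
}

# $1 = baseline dump, $2 = dump under review; prints permissions found only in $2.
extra_perms() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 1
    list_perms "$1" > "$tmp_a"
    list_perms "$2" > "$tmp_b"
    comm -13 "$tmp_a" "$tmp_b"
    rm -f "$tmp_a" "$tmp_b"
}

# Subset of the extras that belong to Android's "Your accounts" group.
account_perms() {
    extra_perms "$1" "$2" | grep -E \
        '^android\.permission\.(GET_ACCOUNTS|USE_CREDENTIALS|MANAGE_ACCOUNTS|AUTHENTICATE_ACCOUNTS)$'
}

# Constructed sample dumps (not taken from either real APK).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/market.txt" <<'EOF'
package: com.example.ime.market
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
EOF
cat > "$demo_dir/preinstalled.txt" <<'EOF'
package: com.example.ime.preinstalled
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.READ_CONTACTS'
EOF

echo "Requested only by the preinstalled build:"
extra_perms "$demo_dir/market.txt" "$demo_dir/preinstalled.txt"
echo "Of those, in the \"Your accounts\" group:"
account_perms "$demo_dir/market.txt" "$demo_dir/preinstalled.txt"
```

A permission difference only shows what the app is allowed to ask the system for; it does not by itself show what the app does with that access.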
 

drmattp

No matter. I figured out how to remove this from the image and reflash.

If anyone else would like to remove pinyin (or any other app for that matter) you can mount the system.img file in Ubuntu using:

sudo mount -o loop system.img /mnt/SDCARD

(make the SDCARD directory first)

Remove whatever apps you want (pinyin is in /apps/PinYinIME.apk and /lib/libjni_pinyinime.so) and then umount:

sudo umount /mnt/SDCARD

Create a new md5sum:

md5sum system.img

(paste the result into a new text file called system.md5)

Proceed with flashing as per the original XAUMOD instructions.