Malware In The Stock Rom In Xiaomi Redmi 2


steel234

Jan 22, 2017
Hello,

A week ago I bought a price-reduced new Redmi 2 in a hypermarket. It was repacked, but fully closed in disposable packaging, brand new.

After some use I noticed that every time after opening the browser I was redirected to spam sites in a new tab, no matter whether Chrome or the stock browser.
I didn't install any other apps, and Chrome was from Google Play! Mysterious. The virus scanner didn't find anything.

The MIUI version was 15.xxx, very strange, and not updateable.

So I connected the phone to a notebook and logged the events via adb.
And yes, one app was infected with malware / browser hijack.

[Attached image: log.JPG]


So I searched the adb console for the process ID which called this spam/malware site... And PID 1230 was the stock YouTube app.

It was also running in SU mode and had full access to almost everything, including installing and removing apps, contacts, SMS and just about everything.

Because it was a stock system app and there was no root, there was no possibility to remove it. It was protected from updates, and after shutting it down with adb (pm disable com.android.google.youtube) it was down, but started again after reboot.
I had 2 possibilities: install TWRP and root, or install a clean ROM. I did the latter, because I bought this phone just for 2-3 weeks and will give it later to my father; he doesn't need root, I think :D

Stock update from a .zip file still works on this ROM, so I just updated it with MIUI 8.1 stable and the popups are gone ;)

PS: the supermarket where I bought it was the e.LECLERC in FRANCE.
PPS: the stock ROM was unclean, so after switching the language to e.g. German there were still many contexts in English and some in Chinese.
I think it was the wholesaler who installed the manipulated ROM and sold it to the supermarket chain.

Be aware! :)