Need help May I ask a question??

Linca09

I have downloaded and install this app/game, but the problem is it doesn't have an icon like usually it uses only the default android icon not the actual icon

I don't know if the developers doesn't add it or don't know how to add, but certainly after I downloaded it the bitdefender mobile security app doesn't show any warning of app being malicious, and also I scanned it before I installed but didn't get any warning.

usually the app itself automatically scan the app after installed, After I install it it says the same thing when you installed an app in the official store like it secured whatsoever I know this seems stupid but I hope devs will answer my question.

This is how the icon looks like

Flexx

https://community.bitdefender.com/en/discussion/98563/need-help-may-i-ask-a-question

The app may or maynot be malicious.

If you believe that a website or file is not detected by Bitdefender as malicious or phishing, kindly report it to our malware research team using the forum provided at the link below: https://www.bitdefender.com/consumer/support/answer/29358/

If the website or file is indeed malicious or phishing, detection will be added within a maximum of 72 hours. However, if no detection is available even after 72 hours, kindly consider the website or file as safe, as determined by our malware researchers, and no detection will be created for them.

Also, you can download the VirusTotal app from the provided link (https://play.google.com/store/apps/details?id=com.funnycat.virustotal&hl=en&gl=US) to check your entire Android operating system and see if all the apps are clean or if any app is detected as malicious by different anti-malware vendors.

Regards

Flexx

https://community.bitdefender.com/en/discussion/comment/334247#Comment_334247

This forum can only help you with Bitdefender products. For assistance with products from other vendors, kindly contact their support.

TrendMicro support: https://helpcenter.trendmicro.com/en-us/contact-support/

Fortinet support: https://www.fortinet.com/support/contact

Regards

Linca09

Sir Felix may I ask, when I download the virustotal app from the link you gave me and make a quick scan. the app detected 6 suspicious malware on my system settings app.

I don't know if it's really real/legit or just a false alarm, hope you can help me with this since deleting a system settings app has a big impact on a phone

(Now my problems turns for the worst hahahaha)

Flexx

@Alexandru_BD, @agozob From the VirusTotal app, it seems that the Settings app is detected as malicious by Bitdefender, Avira, and Norton. The thing is that the detected settings file is an inbuilt Android OS file, and hence there will be no option to remove it. Also, the same cannot be sent to malware researchers. Any thoughts here?

What is concerning me is that, while creating detection, did the Bitdefender malware researchers not know that it is a system file? And how did they get access to the Android OS system file in the first place?

Kindly check if you can help here.

Additionally, @Linca09 Can you click on the information bar and share the hash (MD5 or SHA256) here (in written format)?

I guess the only way to remove the detection will be to share the hash of the app with the malware research team to get the detection removed.

Regards

Linca09

Sure no problem sir flexx here's the hash of the app Sha256: ddce42bd535400a2a0591b39b365e4d8fcb23c68ace431ae36744cd14f83355c

And the md5:7487cedc28cbab382e846d1808c5a878

Ty and God bless good sirs

Flexx

https://community.bitdefender.com/en/discussion/comment/333920#Comment_333920

Got it, below is the virustotal link for the same

https://www.virustotal.com/gui/file/ddce42bd535400a2a0591b39b365e4d8fcb23c68ace431ae36744cd14f83355c

@Alexandru_BD, can you share the above stated virustotal link with malware researchers and ask them to promptly remove the detection? Kindly provide an update on the resolution here.

Regards

Linca09

Thank you good sirs I will wait for your update here

Alexandru_BD

Hello,

Regarding the original question, the app is most likely a repack and simply has no icon, but that doesn't mean it's necessarily malicious, especially since it doesn't display any detection on virustotal. However, we do not advise anyone to download such applications. Although the Settings app appears to be detected, it looks more like something generic, so I think it's most likely false positives. The sample has been forwarded to the anti-malware researchers for a deeper analysis nevertheless.

@Linca09 can you tell us what type of mobile device do you have?

And the reason why Bitdefender didn't alert you about the application is that it doesn't scan system applications, precisely on the principle that there is no way for them to be infected in the first place and if they are, then the phone was purchased from a doubtful source or it was sketchy from the very beginning. There are a lot of copycats and shady mobile brands out there, so it's recommended to stick to a reputable brand.

Regards,

Alex

Linca09

Thank you for your response Alexandru sir. about the app that has no icon, I've uploaded it in the virustotal site to further scan it but didn't get any signs of the app being malicious, also I did the scan 3 or 4 times the same goes in the bitdefender app and the app anomaly scan features of bitdefender but same thing, didn't detect any.

About the type of device I use, I'm using Infinix smart 7 hope you fix this and God bless y'all

Flexx

https://community.bitdefender.com/en/discussion/comment/333947#Comment_333947

@Alexandru_BD I am confused because the 'Settings' app is a system app, so how did Bitdefender for Android scan it?

Additionally, ESET has also started detecting the app as having spy.banker (apps that spy on Android devices using overlay screens to obtain information about the victim’s financial apps. They can also control the device screen, forward incoming calls on the victim’s device, and inject banking URLs)

@Linca09 I guess you will have to report this app to your mobile manufacturer to get this resolved.

Regards

Linca09

I see well but I hope this was just a false alarm, since the app that I have a suspicion on has no malware detected on it despite the fact that it has no icon

Flexx

After reporting the setting app to ESET, they have removed the detection but for Bitdefender it is still pending.

Regards

Linca09

Thank you sir flexx I be waiting.

Linca09

Good sirs I've waited for 72 hours about the link that I sent of where I downloaded the app to your malware research team, but didn't receive any detection mail from them. so basically the link is safe?

Also about the system settings application that has 6 malware. do you have an update if the detection really are positive or not? I've scanned it to other popular antivirus app like eset,avg antivirus and Kaspersky but they didn't detect any malicious on my phone.

Ughhh I'm really worried since 6 detection is quite troublesome please make an update as soon as you can good sirs.

Linca09

Also this is quite confusing. I tried to scan both the virustotal app and site, but they both seems have a different results. the app version detected 6 which the same as usual, while the site detected 4 any thoughts here good sirs and I'm sorry for asking too many questions because you know I'm quite worried about this.

Flexx

https://community.bitdefender.com/en/discussion/comment/334080#Comment_334080

@Alexandru_BD will get back to you in some time since he is the employee of bitdefender and has more access to stuffs.

Regards

Linca09

Ah I see thank you sir flexx, as usual I be waiting.

Alexandru_BD

Hi @Linca09,

These are still being processed.

Regards

Linca09

Thank you Alexandru sir as usual again I be waiting.

Alexandru_BD

Hello @Linca09,

Just a quick update here. The security researchers concluded that the app is legitimate, there was a generic false alert which was recently removed.

It took a while to analyze the detection in-depth, because samples like that are quite convoluted and the researchers had to make sure that everything was O.K.

Thank you for your patience.

Regards,

Alex

Flexx

https://community.bitdefender.com/en/discussion/comment/334160#Comment_334160

The detection has been removed as you can check in below stated link virustotal link

https://www.virustotal.com/gui/file/ddce42bd535400a2a0591b39b365e4d8fcb23c68ace431ae36744cd14f83355c

You can again run a scan with virustotal app on your device.

Regards

Linca09

Thank you very much sir flexx and sir Alex and the rest of the researches.

anyway as you can see I run a quick scan in the virustotal app and virustotal link and it seems like some of the detection has been removed and I'm really truly grateful for that.

now as you can see there are still this 2 avs Report that have not been removed yet. Alibaba which still detect a trojan spy and SymantecMobilelnsight which also still detect apprisk as seen in the photo above.

Flexx

https://community.bitdefender.com/en/discussion/comment/334187#Comment_334187

No one cares whether Alibaba detects it or not; I've never heard of this antimalware vendor.

As far as Norton/Symantec goes, you can share the same with them via the below-stated links

https://submit.norton.com/

https://symsubmit.symantec.com/

Regards

Alexandru_BD

Hello @Linca09,

You are most welcome, I'm glad we could help.

In regards to the remaining detections, we can't influence what other vendors detect, so this needs to be addressed by the respective entities. The Bitdefender security analysts looked over the samples and they concluded everything was clean, so from my point of view there's not much we can do for the remaining false positive detections. Alibaba and Symantec should sort them out.

Regards,

Alex

Alexandru_BD

https://community.bitdefender.com/en/discussion/comment/334198#Comment_334198

😄

Flexx

https://community.bitdefender.com/en/discussion/comment/334203#Comment_334203

😂

Linca09

Thank you again as usual sir Alex and sir flex, really I'm truly grateful. amm there still these 4 detection remaining in my system. I just wanna make sure if this 4 detection is false or not, and after that I can finally at peace.

Also here's there hash

Smart panel system app: 30261105be899078e771f26c05a5f9e0704e91d2799f46ffdb7186b958510867

Smart scan system app: 0ff52062f700b44880104c6de792c4e15460f43931b098f896a2468502ef9806

Xos launcher system app:

0b5f940abccd78af96cc7117f947bfbdb921a328eac2ab904c247390ed99e80b

YouTube music system app:

085c62b9cdda490254718d2e6cdc8cdc8214d1c6c985ead00e23c60e12ebbcad

Linca09

I see well thanks again good sirs, and sorry for asking too many questions.

Flexx

https://community.bitdefender.com/en/discussion/comment/334326#Comment_334326

We are always here to help you.

Regards

Linca09

Am sir flexx....... I know this seems rather stupid to ask again, but.... after I scanned my virustotal app. it looks like the detection of SymantecMobilelnsight have been removed, and only the Alibaba avs are still there detecting trojan spy, is this Alibaba really... you know....... legit?

Flexx

https://community.bitdefender.com/en/discussion/comment/334357#Comment_334357

Yes, because I had already contacted them regarding the removal of the detection via their online forum and received a reply stating that the file was clean, and hence detection might have been removed.

Seems like Trend Micro has also removes it.

Regards

Linca09

About that are you referring to Alibaba or SymantecMobilelnsight? Also about the TrendMicro-HouseCall what system app are you referring the settings app or the other 3 system apps namely smart scanner and smart panel?

Flexx

https://community.bitdefender.com/en/discussion/comment/334361#Comment_334361

I am referring only to Norton/Symantec. They use the same detection engine since they were part of the same company before. For others, I do not have any information.

Forget Alibaba, as I told you earlier, I have never heard of that antimalware, and no one cares if it detects a file as malware or not.

Regards

Linca09

Oh i see..... well if you say so and also if one of the most trusted anti-malware namely bitdefender....etc remove they're detection and flag the system app as clean then I'm ok with that, since as what sir Alex says that they're bitdefender security analysts said that they looked over the samples and they concluded that everything was clean then, So maybe it really is safe..... Well ty again sir flex for your great patience.

Linca09

......about the other 3 system app detection TrendMicro-HouseCall and fortinet....well about the TrendMicro-HouseCall maybe it was false, since it detects 3 of my system apps as malicious. and yesterday when I scan it again via virustotal, they're remove the detection or the detection got remove in one of the system app, namely yt music system app... so yahh maybe the TrendMicro-HouseCall was a false detection after all, also about fortinet detection in XOS Launcher I still don't have any idea how to know if it's false or not

Flexx

https://community.bitdefender.com/en/discussion/comment/334455#Comment_334455

You can share the hash of the app with Fortinet support by sending them an email at cs@fortinet.com and informing them about the detection issue. They may ask you to use the online forum to submit the sample, but you will have to inform them that you only have the hash of the app. You can then share the hash with them, and they might have it checked by their malware analyst.

Regards

Linca09

Sir flexx as you can see, I already contacted them yesterday and earlier via there email, but they only replied with this also, when I try to create an account a company is required since I'm a student I don't know what to put. so if ok will you sir contact them for me..... I know this seems out of the line tho but I really appreciate it.

Flexx

https://community.bitdefender.com/en/discussion/comment/334528#Comment_334528

Use the below stated link and select chat option

https://www.fortinet.com/support/contact

If you can share the hash (in written format) I may try to get it checked.

Regards

Linca09

Ty sir flexx, also here's the hash of the app 0b5f940abccd78af96cc7117f947bfbdb921a328eac2ab904c247390ed99e80b

Kindly check it sir.