Taken from xda:
I've also found /system/app/com.android.malposed.apk on my phone. This one seems to be a part of the attack vector. It has a lot of permissions and activity. I've decompiled it and it seems like this one is a backdoor from the firmware builder. I'm not sure if this one came with my old firmware installed. But googling it proves people had this on older stock firmware:
father.rickety.ordinaire.sus same as com.android.malposed.
https://www.virustotal.com/ru/file/...b2be25cd7afb412bc43650c4/analysis/1435732626/
I don't have com.android.fallen.apk, but seems like this is a new version of the backdoor.
I really wonder wtf Jiayu is doing by dropping those backdoors onto their phones.
Important! Check your phone for the following apps in /data/app and /system/app:
com.android.fallen
com.android.malposed
com.therefore.miner
father.rickety.ordinaire.sus
If your phone has any of those - you are vulnerable. You can delete those apps and reboot. Doing so doesn't guarantee you are safe, because we are not sure how many backdoors Jiayu firmware builders left.
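Added here as a worked example, not part of the xda post: a shell script that checks a connected phone for the package names listed above and lists the two APK directories the post names. It assumes adb is installed and USB debugging is enabled on the phone; the package names are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes adb is on PATH and the
# phone is connected with USB debugging enabled. Package names are from the post.
SUSPECT_PACKAGES="com.android.fallen com.android.malposed com.therefore.miner father.rickety.ordinaire.sus"

# flag_suspect_packages: reads "pm list packages" style output on stdin
# ("package:<name>" per line) and prints each name found in SUSPECT_PACKAGES.
# Returns 0 if nothing matched, 1 if at least one suspect package is present.
flag_suspect_packages() {
    found=0
    while IFS= read -r line; do
        pkg=${line#package:}
        for s in $SUSPECT_PACKAGES; do
            if [ "$pkg" = "$s" ]; then
                echo "SUSPECT: $pkg"
                found=1
            fi
        done
    done
    return $found
}

# scan_device: runs the check against a live device via adb, then lists the
# APK directories named in the post, since a dropped APK may be sitting there
# under a different package name. tr strips the CRLF older adb shells emit.
scan_device() {
    adb shell pm list packages | tr -d '\r' | flag_suspect_packages
    rc=$?
    for d in /system/app /data/app; do
        echo "--- $d ---"
        adb shell ls "$d" | tr -d '\r' | grep -E 'fallen|malposed|miner|rickety' || true
    done
    return $rc
}

# Only touch a device when invoked with --scan; the functions above can be
# sourced and exercised offline on captured "pm list packages" output.
if [ "${1:-}" = "--scan" ]; then
    scan_device
fi
```

Run as `sh check_jiayu.sh --scan`; a non-zero exit code means at least one of the four package names is installed.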