OESF Portables Forum

Model Specific Forums => Gemini PDA => Gemini PDA - Android => Topic started by: Rafn on June 06, 2018, 10:56:23 am

Title: Firmware update detected as Andr/Xgen2-P by Sophos
Post by: Rafn on June 06, 2018, 10:56:23 am
Installed Sophos after loading x27 non-rooted, ‘Firmware update’ detected as threat/pua Andr/Xgen2-P. No details from Sophos other than signatures.

Not detected by Kaspersky or AVG; it could be a false positive, but it is worth further investigation.

Title: Firmware update detected as Andr/Xgen2-P by Sophos
Post by: Rafn on June 12, 2018, 02:39:30 am
Appears to be a known APT based on Sophos.

Title: Firmware update detected as Andr/Xgen2-P by Sophos
Post by: Rafn on June 13, 2018, 04:54:02 pm
Probably the AdUps firmware updater - it has a history of harvesting data and has previously been seen on other MediaTek devices.

http://www.kryptowire.com/adups_security_analysis.html

More recently: https://www.slashgear.com/adups-chinese-spyware-still-on-android-phones-including-blu-27493055/

https://krebsonsecurity.com/2016/11/chinese-iot-firm-siphoned-text-messages-call-records/#more-36939