Author Topic: Firmware update detected as Andr/Xgen2-P by Sophos  (Read 1861 times)

Rafn

« on: June 06, 2018, 10:56:23 am »
Installed Sophos after loading x27 non-rooted; ‘Firmware update’ detected as threat/PUA Andr/Xgen2-P. No details from Sophos other than signatures.

Not detected by Kaspersky or AVG, could be a false positive, but worth further investigation.

Rafn

« Reply #1 on: June 12, 2018, 02:39:30 am »
Appears to be known APT based on Sophos.

Rafn

« Reply #2 on: June 13, 2018, 04:54:02 pm »
Probably AdUps firmware updater - has a history of harvesting data and has been previously seen on other MediaTek devices.  

http://www.kryptowire.com/adups_security_analysis.html

More recently: https://www.slashgear.com/adups-chinese-spy...g-blu-27493055/

https://krebsonsecurity.com/2016/11/chinese...rds/#more-36939