This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rui_Meleiro
Contributor
‎2018-01-30 07:20 AM
Jump to solution

com.adups.fota. How to remove it?

As I can't find any support option for Sandblast Mobile, I'm now trying the forum to find out possible answers for this.

One of the mobile phones on our Sandblast Mobile suite shows now the dreadful "fota" Chinese backdoor/malware. Checkpoint Mobile is unable to remove it as it part of the Android kernel. Short of rooting the thing, is there any other (less inutrusive) method of removing it from the phone?

Regards

Preview file
57 KB
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-01-30 03:53 PM
In response to Rui_Meleiro
Jump to solution

If you want a formal statement from support, you should contact them (and yes, they support Capsule Protect): Contact Support | Check Point Software 

There are some risks that can easily be identified but cannot be mitigated due to technical limitations imposed by mobile operating systems.

For example, on iOS, no app can initiate an action to delete another application--this must be done manually by the user. 

If the operating system itself has the risk baked in, as seems to be the case with adups on some devices, removal is a non-trivial exercise.

Why alert on these risks? So you are aware of it and can take appropriate action. 

When used with an MDM and/or Capsule Workspace, for instance, you can restrict a potentially unsafe device from accessing protected resources.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2018-01-30 01:59 PM
Jump to solution

If it's installed in the kernel, there's not much you can do to remove it.

A quick Google search suggests it's possible to disable the relevant components, however: How to Test for Adups' Spyware on Your Phone—& Disable It « Android :: Gadget Hacks 

Rui_Meleiro
Contributor
‎2018-01-30 03:24 PM
In response to PhoneBoy
Jump to solution

Thanks, Dameon, although I was kinda looking for a Checkpoint support formal response to this. After all, whats' the use of pointing out the problem if you don't (Checkpoint, I mean) have a straghtforward answer to solve it? Adups is rather pervasive now, I was only hoping that Checkpoint would have a simple answer. After all, there are now reportedly over 700.000 devices infected (not only ZTE).

PhoneBoy
Admin
Admin
‎2018-01-30 03:53 PM
In response to Rui_Meleiro
Jump to solution

If you want a formal statement from support, you should contact them (and yes, they support Capsule Protect): Contact Support | Check Point Software 

There are some risks that can easily be identified but cannot be mitigated due to technical limitations imposed by mobile operating systems.

For example, on iOS, no app can initiate an action to delete another application--this must be done manually by the user. 

If the operating system itself has the risk baked in, as seems to be the case with adups on some devices, removal is a non-trivial exercise.

Why alert on these risks? So you are aware of it and can take appropriate action. 

When used with an MDM and/or Capsule Workspace, for instance, you can restrict a potentially unsafe device from accessing protected resources.

Rui_Meleiro
Contributor
‎2018-01-30 04:04 PM
In response to PhoneBoy
Jump to solution

My dear Dameon, as always I deeeeply appreciate your feedback. Thank you.

Daniel_Dor
Employee Alumnus
Employee Alumnus
‎2018-02-04 05:43 AM
In response to Rui_Meleiro
Jump to solution

Dameon is 100% correct. Due to Android and iOS OS limitations, SandBlast Mobile can't remove some of the threats (while others can be removed by SandBlast Mobile). I would say that in this specific case, SandBlast Mobile will indicate about Adups, and this will be followed by automatic disconnection of the device from organizational assets (MDM or Container).

Upcoming Events

    Sort by:
    CheckMates Events