Rui_Meleiro
Nickel

com.adups.fota. How to remove it?

As I can't find any support option for Sandblast Mobile, I'm now trying the forum to find out possible answers for this.

One of the mobile phones on our Sandblast Mobile suite now shows the dreadful "fota" Chinese backdoor/malware. Checkpoint Mobile is unable to remove it as it is part of the Android kernel. Short of rooting the thing, is there any other (less intrusive) method of removing it from the phone?

Regards

5 Replies
Admin

Re: com.adups.fota. How to remove it?

If it's installed in the kernel, there's not much you can do to remove it.

A quick Google search suggests it's possible to disable the relevant components, however: How to Test for Adups' Spyware on Your Phone—& Disable It « Android :: Gadget Hacks 

Rui_Meleiro
Nickel

Re: com.adups.fota. How to remove it?

Thanks, Dameon, although I was kinda looking for a Checkpoint support formal response to this. After all, what's the use of pointing out the problem if you don't (Checkpoint, I mean) have a straightforward answer to solve it? Adups is rather pervasive now, I was only hoping that Checkpoint would have a simple answer. After all, there are now reportedly over 700.000 devices infected (not only ZTE).

Admin

Re: com.adups.fota. How to remove it?

If you want a formal statement from support, you should contact them (and yes, they support Capsule Protect): Contact Support | Check Point Software 

There are some risks that can easily be identified but cannot be mitigated due to technical limitations imposed by mobile operating systems.

For example, on iOS, no app can initiate an action to delete another application--this must be done manually by the user. 

If the operating system itself has the risk baked in, as seems to be the case with adups on some devices, removal is a non-trivial exercise.

Why alert on these risks? So you are aware of it and can take appropriate action. 

When used with an MDM and/or Capsule Workspace, for instance, you can restrict a potentially unsafe device from accessing protected resources.

Rui_Meleiro
Nickel

Re: com.adups.fota. How to remove it?

My dear Dameon, as always I deeeeply appreciate your feedback. Thank you.

Employee+

Re: com.adups.fota. How to remove it?

Dameon is 100% correct. Due to Android and iOS OS limitations, SandBlast Mobile can't remove some of the threats (while others can be removed by SandBlast Mobile). I would say that in this specific case, SandBlast Mobile will indicate about Adups, and this will be followed by automatic disconnection of the device from organizational assets (MDM or Container).