Rui_Meleiro
Contributor

com.adups.fota. How to remove it?

As I can't find any support option for Sandblast Mobile, I'm now trying the forum to find out possible answers for this.

One of the mobile phones on our Sandblast Mobile suite now shows the dreadful "fota" Chinese backdoor/malware. Checkpoint Mobile is unable to remove it as it is part of the Android kernel. Short of rooting the thing, is there any other (less intrusive) method of removing it from the phone?

Regards


5 Replies
PhoneBoy
Admin

If it's installed in the kernel, there's not much you can do to remove it.

A quick Google search suggests it's possible to disable the relevant components, however: How to Test for Adups' Spyware on Your Phone—& Disable It « Android :: Gadget Hacks 
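
Added example, not part of any post in this thread and not Check Point's tooling: a dry-run check for the package named in the thread title, which prints the `adb` commands that would disable what it finds. It assumes `adb` with USB debugging on the handset; the sample listing and every package name in it other than `com.adups.fota` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): locate Adups FOTA packages in a package
# listing and print, without running, the adb commands that would disable them.

# Constructed sample of `adb shell pm list packages` output. Only com.adups.fota
# comes from the thread title; every other name here is made up for the demo.
SAMPLE_LISTING='package:com.android.settings
package:com.adups.fota
package:com.example.notes
package:com.adups.fotaextra
package:com.adups.fota.constructed'

# Read a listing on stdin; print com.adups.fota and any dotted sub-package.
# A bare prefix match would also flag look-alikes such as com.adups.fotaextra.
find_adups() {
    tr -d '\r' |                       # older adb builds emit CRLF
        sed -n 's/^package://p' |      # keep only package lines, drop the tag
        grep -E '^com\.adups\.fota(\..+)?$' || true   # no match is not an error
}

# Read package names on stdin; print one disable command per name (dry run).
# --user 0 assumes the primary user; some vendor builds refuse this call.
disable_cmds() {
    while IFS= read -r pkg; do
        if [ -n "$pkg" ]; then
            printf 'adb shell pm disable-user --user 0 %s\n' "$pkg"
        fi
    done
}

# Live use:  adb shell pm list packages | find_adups | disable_cmds
# Offline demo on the constructed sample:
printf '%s\n' "$SAMPLE_LISTING" | find_adups | disable_cmds
```

Disabling a package this way leaves it on the system partition, so the device should still be treated as flagged for compliance purposes.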

Rui_Meleiro
Contributor

Thanks, Dameon, although I was kinda looking for a formal Checkpoint support response to this. After all, what's the use of pointing out the problem if you don't (Checkpoint, I mean) have a straightforward answer to solve it? Adups is rather pervasive now, I was only hoping that Checkpoint would have a simple answer. After all, there are now reportedly over 700.000 devices infected (not only ZTE).

PhoneBoy
Admin

If you want a formal statement from support, you should contact them (and yes, they support Capsule Protect): Contact Support | Check Point Software 

There are some risks that can easily be identified but cannot be mitigated due to technical limitations imposed by mobile operating systems.

For example, on iOS, no app can initiate an action to delete another application--this must be done manually by the user. 

If the operating system itself has the risk baked in, as seems to be the case with adups on some devices, removal is a non-trivial exercise.

Why alert on these risks? So you are aware of it and can take appropriate action. 

When used with an MDM and/or Capsule Workspace, for instance, you can restrict a potentially unsafe device from accessing protected resources.

Rui_Meleiro
Contributor

My dear Dameon, as always I deeeeply appreciate your feedback. Thank you.

Daniel_Dor
Employee Alumnus

Dameon is 100% correct. Due to Android and iOS OS limitations, SandBlast Mobile can't remove some of the threats (while others can be removed by SandBlast Mobile). I would say that in this specific case, SandBlast Mobile will indicate about Adups, and this will be followed by automatic disconnection of the device from organizational assets (MDM or Container).
