Analysis of the Threat from Preinstalled Mobile Malware - Baidu Security Community
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Analysis of the Threat from Preinstalled Mobile Malware - Baidu Security Community</title> <meta name="keywords" content="virus,mobile vulnerability,malware"> <meta name="description" content="This article analyses the threat from malware preinstalled on mobile devices, recently uncovered by Malwarebytes researchers."> </head> <body> <div class="forum clearfix" rel="detail"> <div class="forum-left"> <div class="forum-detail" id="forumDetail"><h2>Analysis of the Threat from Preinstalled Mobile Malware</h2> <p class="smm">2019-01-11 14:51:05<span class="forum-article-heat">11332 views</span></p> <div class="forum-share forum-detail-tag-share"> <div class="tag-top"> <div class="clearfix forum-pad forum-pad-detail"> <ul class="forum-tags"> <li><a target="_blank" href="/tag/8">virus</a></li> <li><a target="_blank" href="/tag/110">mobile vulnerability</a></li> <li><a target="_blank" href="/tag/44">malware</a></li> </ul> </div> </div> </div> <!--article content start--> <div class="fd-content clearfix">
<p>Researchers had a bold idea: what if the system apps that a brand-new phone obliges you to keep were themselves shipped with malware? It turned out to be more than a bold idea. Preinstalled mobile malware has become one of the main threats going forward.</p>
<p>Preinstalled malware is not new; we met it in the Adups case (in November 2016 Adups was found to have shipped a backdoor on Android devices that quietly collected SMS messages, contacts and other data, and removing that preinstalled software could require root). "Preinstalled" means the malware is installed on the device with SYSTEM-level privileges, so it cannot be removed through the normal UI, only disabled. The only complete fix is a work-around: uninstalling the application for the current user. That involves connecting the phone to a PC and using the ADB command-line tool; the full procedure is described at <a href="https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/" target="_blank">https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/</a>.</p>
<p>The method is somewhat involved, but it does deal with that generation of preinstalled malware. The newer generation is harder to handle, because malware authors have started going after the system apps the device needs in order to run at all. By injecting malicious code into those essential apps, the attackers have redrawn the whole preinstalled-malware threat landscape.</p>
<p><strong><span style="font-size: 20px;">Types of preinstalled apps</span></strong></p>
<p>Preinstalled apps fall into two groups according to where they are stored on the device, and the location also tells you how important the app is.</p>
<p>The first location is /system/app/. Apps stored here are not essential to running the device: typically the camera, Bluetooth, FM radio and photo-viewer apps, and this is also where device makers park their bundled preloads. Uninstalling these apps may make the device less pleasant to use, but it will not stop it working.</p>
<p>The other location is /system/priv-app/, and the apps here matter far more: the Settings app and System UI, among others, live here (on Android 4.4 and later, apps in this directory are also eligible for privileged permissions that ordinary system apps in /system/app/ cannot receive). In other words, these apps cannot be uninstalled without affecting the use of the device. The latest preinstalled malware is being planted in precisely this location, /system/priv-app/.</p>
<p><img class="aligncenter size-full wp-image-15603" src="http://img.4hou.com/wp-content/uploads/2019/01/78ee5874077be0802e92.png" width="180" height="300" alt="Analysis of the threat from preinstalled mobile malware"/></p>
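<p>To see which of the two tiers each installed package falls into before touching anything, the following shell script (an added example, not code from the original article or from Malwarebytes) parses the output of <code>adb shell pm list packages -f</code> and sorts packages by install location. The sample output embedded in it is constructed, not captured from the devices named in this article; the tier names and the <code>pull_commands</code> helper are this example's own conventions.</p>

```shell
#!/bin/sh
# Added example, not code from the original article: sort the output of
# `pm list packages -f` into the tiers described above (/system/priv-app/
# versus /system/app/) plus user-installed apps, so the packages that cannot
# simply be uninstalled are visible before any cleanup is attempted.
# Assumes the stock output format "package:<apk path>=<package name>".

# Constructed sample of `adb shell pm list packages -f` output (not captured
# from the THL or UTOK devices named in the article).
SAMPLE_PM_OUTPUT='package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/FMRadio/FMRadio.apk=com.android.fmradio
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/data/app/com.example.weather-1/base.apk=com.example.weather
package:/vendor/app/VendorCamera/VendorCamera.apk=com.vendor.camera'

# Map an APK path to a tier (names are this example's own):
#   critical     /system/priv-app/  uninstalling it breaks the device
#   noncritical  /system/app/       uninstalling it only loses a feature
#   user         /data/app/         ordinary app, removable normally
#   other        vendor/product partitions and anything unexpected
classify_path() {
    case "$1" in
        /system/priv-app/*) echo critical ;;
        /system/app/*)      echo noncritical ;;
        /data/app/*)        echo user ;;
        *)                  echo other ;;
    esac
}

# Read `pm list packages -f` lines on stdin, emit "<tier> <package> <path>".
# adb shell output often carries a trailing CR, so strip it first.
triage_packages() {
    tr -d '\r' | while IFS= read -r line; do
        case "$line" in
            package:*=*) ;;
            *) continue ;;               # skip blank or unexpected lines
        esac
        entry=${line#package:}
        pkg=${entry##*=}                 # text after the last '='
        path=${entry%=*}                 # text before the last '='
        printf '%s %s %s\n' "$(classify_path "$path")" "$pkg" "$path"
    done
}

# Package names in one tier, e.g.  adb shell pm list packages -f | list_tier critical
list_tier() {
    triage_packages | awk -v tier="$1" '$1 == tier { print $2 }'
}

# Print (do not run) the `adb pull` commands that fetch every APK in a tier
# into a directory for offline analysis: hashing, VirusTotal, decompiling.
pull_commands() {
    triage_packages | awk -v tier="$1" -v out="$2" \
        '$1 == tier { printf "adb pull %s %s/%s.apk\n", $3, out, $2 }'
}

# Demo on the constructed sample. On a real device:
#   adb shell pm list packages -f | triage_packages
printf '%s\n' "$SAMPLE_PM_OUTPUT" | triage_packages
```

<p>In both cases described below the injected code lives inside the stock package names (com.android.systemui, com.android.settings), so the tier alone says nothing about whether a package is clean. The point of the <code>critical</code> list is to know which APKs have to be pulled and hashed or scanned rather than uninstalled outright.</p>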
<p><strong><span style="font-size: 20px;">Case studies</span></strong></p>
<p><strong>Case 1: Riskware auto-installer in System UI</strong></p>
<p>The device is a THL T9 Pro; the detection is Android/PUP.Riskware.Autoins.Fota.INS. The code closely resembles the known preinstalled malware Adups, but this time it was injected into the essential system app System UI rather than shipping as a separate app. After infection it also installs variants of Android/Trojan.HiddenAds, which makes cleanup a real headache. It is not yet clear whether Adups updated its own technique or the code was taken by another attacker.</p>
<p><img class="aligncenter size-full wp-image-15604" src="http://img.4hou.com/wp-content/uploads/2019/01/91b92705aab576c4fac5.png" width="173" height="300" alt="Analysis of the threat from preinstalled mobile malware"/></p>
<p><strong>Case 2: Monitor in the Settings app</strong></p>
<p>The device is a UTOK Q55; the infection is Android/Monitor.Pipe.Settings. Monitor apps are a subset of PUPs (Potentially Unwanted Programs) that collect private information from the user's device and report it back. Here the Monitor code is hard-coded into the essential Settings app, so getting rid of it means obtaining a replacement Settings app rather than simply uninstalling the offender.</p>
<p><img class="aligncenter size-full wp-image-15605" src="http://img.4hou.com/wp-content/uploads/2019/01/3b787f3538f911d26640.png" width="300" height="228" alt="Analysis of the threat from preinstalled mobile malware"/></p>
<p><strong><span style="font-size: 20px;">Remediation</span></strong></p>
<p>There is no perfect fix yet, but the researchers offer some guidance. If a clean version of the affected system app exists, you can try to replace the malicious one with it. First find a system app that matches the device's Android OS version, then proceed as follows:</p>
<ol>
<li>Follow the Adups removal guide: <a href="https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/" target="_blank">https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/</a></li>
<li>Save the install path of the system app that is going to be replaced (<code>adb shell pm path</code> followed by the package name prints it; the rollback in the last step reinstalls from this path);</li>
<li>On the PC, download a clean version of the system app; upload the downloaded APK to VirusTotal to help decide whether it really is clean;</li>
<li>Move the clean system app from the PC to the phone:
<pre class="brush:html;toolbar:false;">adb push <PC file path>\<filename of clean version.apk> /sdcard/Download/<filename of clean version.apk></pre></li>
<li>Uninstall the old, malicious system app for the current user:
<pre class="brush:html;toolbar:false;">adb shell pm uninstall -k --user 0 <package name of malicious system app></pre>
<code>-k</code> keeps the app's data and cache, and <code>--user 0</code> limits the uninstall to the primary user, so the copy in /system is untouched; that is what makes the rollback below possible.</li>
<li>Install the clean version of the system app:
<pre class="brush:html;toolbar:false;">adb shell pm install -r --user 0 /sdcard/Download/<filename of clean version.apk></pre></li>
<li>Check that it works. Common failures:
<pre class="brush:html;toolbar:false;">[INSTALL_FAILED_VERSION_DOWNGRADE] [INSTALL_FAILED_UPDATE_INCOMPATIBLE] [INSTALL_FAILED_OLDER_SDK]</pre>
VERSION_DOWNGRADE means the clean APK's versionCode is lower than the installed one; UPDATE_INCOMPATIBLE usually means the clean APK is signed with a different key than the copy already on the device; OLDER_SDK means the APK's minSdkVersion is above the device's API level.</li>
<li>If installing the new version fails, roll back to the old version of the system app:
<pre class="brush:html;toolbar:false;">adb shell pm install -r --user 0 <full path of the apk saved from second step></pre></li>
</ol>
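<p>The steps above, put together as one script with the hash check and the rollback built in. This is an added example, not code from the original article or from Malwarebytes. It assumes <code>adb</code> is on the PATH with the device authorised, that <code>sha256sum</code> or <code>shasum</code> is available on the PC, and that the caller supplies the package name, the clean APK and the SHA-256 that was verified on VirusTotal. The <code>run_adb</code> wrapper and the return codes are this example's own conventions.</p>

```shell
#!/bin/sh
# Added example, not code from the original article or from Malwarebytes:
# the clean-system-app replacement steps as one script, including the
# "Success"/"Failure [...]" check and the rollback to the saved path.
# Assumptions: `adb` is on PATH with the device authorised; `sha256sum` (or
# `shasum`) exists on the PC; the caller passes the package name, the clean
# APK downloaded on the PC, and the SHA-256 checked on VirusTotal.

# Every device command goes through this wrapper so a test can stub it.
run_adb() { adb "$@"; }

# Step 2: save the on-device install path of the malicious system app; this
# is the "full path of the apk saved from second step" used for rollback.
record_system_path() {
    run_adb shell pm path "$1" | tr -d '\r' | sed -n 's/^package://p' | head -n 1
}

# Step 3: only accept a "clean" APK whose SHA-256 matches the value verified
# out of band (the hash VirusTotal reported for the file you analysed).
verify_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$1" | cut -d' ' -f1)
    fi
    [ "$actual" = "$2" ]
}

# Pull the bracketed code out of a "Failure [INSTALL_FAILED_...]" line.
install_error_code() {
    printf '%s' "$1" | sed -n 's/.*\[\([A-Z_]*\)\].*/\1/p'
}

# Steps 4-6: push the clean APK, uninstall the malicious one for user 0 (the
# system copy stays in /system/priv-app), install the clean one for user 0.
install_clean_for_user0() {
    pkg=$1; clean_apk=$2
    name=$(basename "$clean_apk")
    run_adb push "$clean_apk" "/sdcard/Download/$name" >/dev/null || return 1
    run_adb shell pm uninstall -k --user 0 "$pkg" >/dev/null
    result=$(run_adb shell pm install -r --user 0 "/sdcard/Download/$name" | tr -d '\r')
    case "$result" in
        *Success*) return 0 ;;
        *) echo "install of $name failed: $(install_error_code "$result")" >&2; return 1 ;;
    esac
}

# Step 8: put the original (malicious, but functional) system app back for
# user 0 from the path saved in step 2, so Settings/System UI keep working.
rollback_to_saved() {
    run_adb shell pm install -r --user 0 "$1" | tr -d '\r' | grep -q Success
}

# Whole procedure. Returns 0 on success, 2 if the clean APK fails the hash
# check (nothing is touched on the device), 1 if the install failed and the
# original was rolled back.
replace_system_app() {
    pkg=$1; clean_apk=$2; expected_sha=$3
    verify_sha256 "$clean_apk" "$expected_sha" || { echo "hash mismatch for $clean_apk" >&2; return 2; }
    saved_path=$(record_system_path "$pkg")
    [ -n "$saved_path" ] || { echo "cannot find install path of $pkg" >&2; return 1; }
    if install_clean_for_user0 "$pkg" "$clean_apk"; then
        return 0
    fi
    rollback_to_saved "$saved_path" || echo "rollback of $pkg from $saved_path failed" >&2
    return 1
}

# Usage: replace_system_app.sh <package> <clean.apk> <expected sha256>
if [ $# -eq 3 ]; then
    replace_system_app "$1" "$2" "$3"
fi
```

<p>The hash check runs before any device command, so a wrong download is rejected with nothing changed on the phone. The install result is matched on the literal <code>Success</code> line that <code>pm install</code> prints; any <code>Failure [...]</code> code, including the three listed above, triggers the rollback from the path saved in step 2.</p>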
<p><strong>Prevention</strong></p>
<p>At present the best defence against this kind of infection is simply not to use a device known to be at risk. The researchers' testing confirmed that the following models are affected:</p>
<ul>
<li>THL T9 Pro</li>
<li>UTOK Q55</li>
<li>BLU Studio G2 HD</li>
</ul>
<hr/>
<p><span style="color: rgb(153, 153, 153); font-size: 14px;">Translated from: <a href="https://blog.malwarebytes.com/cybercrime/2019/01/the-new-landscape-of-preinstalled-mobile-malware-malicious-code-within/">https://blog.malwarebytes.com/cybercrime/2019/01/the-new-landscape-of-preinstalled-mobile-malware-malicious-code-within/</a></span></p>
<p><span style="color: rgb(153, 153, 153); font-size: 14px;">Translator: ang010ela. Source of this translation: <a href="http://www.4hou.com/system/15577.html" target="_blank">http://www.4hou.com/system/15577.html</a></span></p> </div> <!--article content end--> </div> </div> </div> </body> </html>
</div> <div class="close-form-success saas-btn"> 关闭 </div> </div> </div> <div class="saas-login-dialog"> <div class="saas-login-container"> <div class="saas-login-container-left"> </div> <div class="saas-login-container-right"> <div class="saas-login-container-right-title"> <div class="saas-login-dialog-close"></div> </div> <div class="saas-login-dialog-tab clearfix"> <div class="saas-login-dialog-tab-item active">百度账号</div> <div class="saas-login-dialog-tab-item">百度推广账号</div> </div> <div class="saas-login-container-right-body"> <div class="passport-login saas-login-dialog-tab-container active"> <div id="passport-login"></div> </div> <div class="saas-login-dialog-tab-container"> <div id="uc-passport-login"></div> </div> </div> <div class="saas-login-container-right-footer"> 温馨提示:与百度搜索、百度贴吧、百度云盘、百度知道、百度文库等产品通用。 </div> </div> </div> </div> <div class="conpin saas-modal"> <div class="conpin-container"> <div class="conpin-close"></div> <div class="conpin-value show" data-key="voucher_price"> <div class="conpin-value-unit">¥</div> <div class="conpin-value-price">0</div> <div class="conpin-value-des">现金券</div> </div> <div class="conpin-value"></div> <div class="conpin-value" data-key="try_time"> <div class="conpin-value-price">0</div> <!-- <div class="conpin-value-unit">天</div> --> <div class="conpin-value-des">兑换券</div> </div> <div class="conpin-name"></div> <div class="conpin-btn">立即领取</div> <div class="conpin-no-login">登录即可领取优惠券</div> <div class="conpin-success">领取成功</div> </div> </div><script src="//hm.baidu.com/hm.js?3bc064e919b01ed9e8c5459f2fae3fe4"></script> <script src="/webstatic/lib/jquery.min.js?ver=1744099270"></script> <script type="text/javascript" src="//passport.baidu.com/passApi/js/wrapper.js?ver=1744099270"></script><script type="text/javascript" src="//cas.baidu.com/staticv2/dep/common-login/api.js?ver=1744099270"></script> <script src="/webstatic/js/renderPage.js?ver=1744099270"></script> <script 
src="/webstatic/js/forum.js?ver=1744099270"></script><script> (function () { var path = [ '/haoma/search', '/haoma/common', '/page/', '/product/', '/activity/prize', 'vdc/fileCheck', '/activity/srd', '/activity/su', '/springer/plan', '/bsi/index', '/activity/newYear', '/partner/apply' ]; window.antibotObserver = null; if (window.createObserver) { window.antibotObserver = createObserver(); } var len = path.length; var pathname = location.pathname; var search = location.search; var isTargetPage = false; var key = '__abbaidu_20181211_cb'; for (var i = 0; i < len; i++) { var curIndex = pathname.indexOf(path[i]); if (curIndex >= 0) { isTargetPage = true; } } if (/voucher_id/.test(search) && /voucher_flag/.test(search)) { isTargetPage = true; } if (isTargetPage) { window['__abbaidu_2024_subidgetf'] = function () { var subid = '1234'; return subid; }; window['__abbaidu_2024_cb'] = function (responseData) { if (window.localStorage) { window.localStorage.setItem(key, responseData); if (loadPageReport) { loadPageReport(responseData); } if (window.antibotObserver && window.antibotObserver.listen) { var data = {}; try { data = JSON.parse(responseData); } catch (e) { data = {}; } window.antibotObserver.listen(data); } } }; var script = document.createElement('script'); script.src = 'https://dlswbr.baidu.com/heicha/mw/abclite-2024-s.js'; document.body.appendChild(script); } else { if (window.localStorage) { window.localStorage.removeItem(key); } } })(); </script> </body> </html>