TrojanSMS-PA

Jukka41
Jukka41 Posts: 4 Observer
edited April 2 in F-Secure Total

Two mobile phones received a message "Google app is infected - immediately uninstall". I checked both phones with F-Secure virus protection and found nothing. What should I do ?

Accepted Answer

  • Ukko
    Ukko Posts: 3,617 Superuser
    Answer ✓

    Hello,

    Before I tried to search more information about "TrojanSMS-PA" (as an entry point to understanding what this detection for), I planned to ask some things like:

    • by which way or how your phones received "a message"? Is it system notification, SMS, browser's website notification or from application?
    • where this detection name is written?
    • "Google app is infected - immediately uninstall" sounds as a behavior of scareware or some joke/scam activities (to force Android user perform something for a further payload).

    However, then I found that this kind of trouble is a pretty 'hot' now. There are a lot of discussion all over the places (websites, forums, communities, help-desks and so on). A couple of days already, at least.

    If I understood correctly, the most affected devices are Huawei.

    For example, this Google Support's topic: Security Threat on android - Android Community (google.com)

    with a meaning that this is 'internal' bug of Optimiser app (based on this discussion).

    What is your mobile device manufacturer?

    You may try to digging this topic a bit more (by search-query "TrojanSMS-PA") - but be careful. Because it is likely that some of the 'advices' or instruction are misleading or rogue.

    As such, I think - the best way is to wait 'update' from Google or from device manufacturer.

    Thanks!

    // by the way, I always thought that Google app is a bit of tricky. :)

Answers

  • nupa
    nupa Posts: 1 New Member

    Same ..

  • Jukka41
    Jukka41 Posts: 4 Observer

    Hi - many thanks for your response - this message came by opening google in Huawei-phones (Huawei P20 is mine) - I do not have access to my wife's Huawei at the moment, but it is about the same age. In both cases F-Secure scanning found nothing, whereas Huawei's Optimizer app flagged a malware threat. I emptied the Optimizer memory and it helped once, but now the message comes every time I launch Google - still no message from F-Secure Virus & Threat protection (F-Secure Total), which I relaunched manually just now: "All clear! No detections". Appreciate any further help.

  • Ukko
    Ukko Posts: 3,617 Superuser
    edited October 2023

    Hello,

    From what I managed to find out by reading some user discussions on google support pages. In addition to Huawei devices, there may also be the same problem for Honor and Vivo devices.

    So, with Huawei's Optimizer app - most likely this is false positive detection. That is, there is no threat to you. Otherwise, it is unclear why there are no statements to the contrary from anyone or representatives of Google/Huawei. For this reason (most likely) - F-Secure does not detect anything, like a number of other vendors.

    This false positive happened to the recent/latest update of "Google" app (as I think). Thus, I see a temporary solution as follows:

    • temporarily deactivate or disable the Google app. so, no risk to your device and obviously Optimizer will not be able to flag it again.

    When you cleared cache/storage/memory of Optimizer app - the detection is gone; When you, then, decided to open Google app - Optimizer's detection is re-triggered and shown again.

    I saw one comment that they tried to stop Optimizer app (as an option in Settings), only then cleared cache/data/storage/memory. Beforehand, make sure that "Google" app itself is with the latest available update.

    With my devices - I can’t check the situation (they are all Nokia). But I think the best solution is to hope that the problem will be solved automatically soon, but for now just try to either ignore the "detection notification from Optimizer" or refrain from using the Google app. Instead you could use Google Search on any browser or something like this. By myself - I do not use "Google" app (as I think the subject is).

    As a point to double-check - you can manually try to find if Optimizer app has any "virus definition databases" in its user interface (so, to update them manually). And check if both apps has pending updates (so, to install them).

    Thanks!

    // one thing to clarify - despite the fact that this message came by opening Google app, could you verify that in Optimizer app - it is listed as a detection for Google app (and not about any other application).

  • Jukka41
    Jukka41 Posts: 4 Observer

    Hi - many thanks - I switched to use Google with the Safe Browser - I will stop using the Google app and see what an update will bring.

This discussion has been closed.