denixx (posted February 16, 2020):

Hi! I'm here to ask about a detected application. It's "EWPE Smart", available in the Play Store: https://play.google.com/store/apps/details?id=com.gree.ewpesmart

This app is used to control air conditioners (through AC WiFi modules); at least my Cooper&Hunter AC may be controlled by this app.

ESET Mobile Security detected Android/Packed.Jiagu.D in it (/data/app/com.gree.ewpesmart-blablabla/base.apk) and put it in the "potentially unwanted app" category.

Should I inform someone (from Cooper&Hunter, maybe) about this issue, or could this be normal for this app?

I did a quick search and found that someone posted about another app with this issue: (it's better to look at the full thread) He says "it's just a packer".

So, if this is kind of a "manufacturer recommended app", what am I supposed to do? Thank you!

denixx (posted February 16, 2020):

Also, if I extract the apk to the sdcard and send it to my PC, ESET Smart Security Premium does not see the apk file as something bad; it says the file is OK.

denixx (posted February 16, 2020):

But if I launch the scan, mobile ESET says this extracted apk is unwanted.

denixx (posted February 16, 2020):

https://www.virustotal.com/gui/file/8609b4f0effc79fa667cad6ae7b822329abcbce4850bb580ce8d8a8f38736477/detection

Edited February 16, 2020 by denixx

itman (posted February 16, 2020):

2 hours ago, denixx said: "But if I launch the scan, mobile ESET says this extracted apk is unwanted."

Based on what you posted in your first posting, I would say the packer used is performing activities on Android-based devices specific to the OS used on the device. When run on a PC, the packer might either fail to extract altogether or just shut itself down.

Note that other AV solutions on VT are also detecting something; notably WD and Fortinet.

Quote: "Should I inform someone (from Cooper&Hunter, maybe) about this issue,"

I would contact them. At least, they should be able to inform you it is a FP. If this is the case, you could then select "Ignore" in the Eset PUA detection alert. However, be aware that many manufacturers outsource their software support to third parties; many in China. Supply chain based malware is a big concern currently.

Edited February 16, 2020 by itman

denixx (posted February 17, 2020):

11 hours ago, itman said: "Note that other AV solutions on VT are also detecting something; notably WD and Fortinet."

Opened the link to virustotal again just now, and I'm seeing only 6 AVs for now. Looks like Fortinet is not in that list today. What is WD? Looks like it is not in the list either.

itman (posted February 17, 2020):

4 hours ago, denixx said: "What is WD? Looks like it is not in list too."

Listed on VT as Microsoft.

Submit the file to Eset as a possible false positive per this posted forum FAQ:

Quote: "False positive reports. To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer."

Edited February 17, 2020 by itman