Jump to content

Recommended Posts

Hi!

I'm here to ask about detected application.

It's "EWPE Smart", available in Play Store: https://play.google.com/store/apps/details?id=com.gree.ewpesmart

This app is used to control the air conditioners (thru AC WiFi modules), at least my Cooper&Hunter AC may be controlled by this app.

ESET Mobile Security detected Android/Packed.Jiagu.D in it (/data/app/com.gree.ewpesmart-blablabla/base.apk) and set it to "potentially unwanted app" category.

Should I inform someone (from Cooper&Hunter, maybe) about this issue, or this could be normal for this app?

I did some easy search, and found someone posted about another app with this issue: 

 

(it's better to look the full thread)

He says "it's just a packer".

So, if this is kinda "manufacturer recommended app" - what I am supposed to do?

Thank you!

Share this post


Link to post
Share on other sites

Also, if I extract the apk to sdcard, and send it to my PC, ESET Smart Security Premium is not seeing apk-file as something bad, it says file is OK.

Share this post


Link to post
Share on other sites

But if I launch the scan, mobile ESET says this extracted apk is unwanted.

Share this post


Link to post
Share on other sites
2 hours ago, denixx said:

But if I launch the scan, mobile ESET says this extracted apk is unwanted.

Based on what you posted in your first posting, I would say the packer used is performing activities on Android based devices specific to the OS used on the device. When run on a PC, the packer might either fail to extract altogether or just shut itself down.

Note that other AV solutions on VT are also detecting something; notably WD and Fortinet.

Quote

Should I inform someone (from Cooper&Hunter, maybe) about this issue,

I would contact them. At least, they should be able to inform you it is a FP. If this is the case, you could then select "Ignore" in the Eset PUA detection alert.

However, be aware that many manufacturers out source their software support to third parties; many in China. Supply chain based malware is a big concern currently.

 

Edited by itman

Share this post


Link to post
Share on other sites
11 hours ago, itman said:

Note that other AV solutions on VT are also detecting something; notably WD and Fortinet.

Opened link to virustotal again just now, and seeing only 6 of AVs for now.

Looks like Fortinet is not in that list today. What is WD? Looks like it is not in list too.

Share this post


Link to post
Share on other sites
4 hours ago, denixx said:

What is WD? Looks like it is not in list too.

Listed on VT as Microsoft.

Submit the file to Eset as a possible false positive per this posted forum FAQ:

Quote

False positive reports
To submit a possible False Positive see Submit a suspicious website / potential false positive / potential miscategorization by Parental control to ESET for analysis when you wish to submit via email or use Submit sample for analysis function from the program GUI of ESET product installed on your computer.

 

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...