I'm having strange malicious behaviour on my Cubot Rainbow phone. I have done some research, but I couldn't find a solution, so I hope somebody here can help or has similiar experience. So that's the story:
I bought the phone in November and just 1 month later I observed the following malicious behaviour:
1.) I suddenly had an app called "Whish" which i had never installed
2.) AD-PopUps occured in WhatsApp, Microsoft Outlook and after unlocking the screen. These are always Ads for other Apps like Amazon.
3.) After opening Google Play vie the Apps Menu or Icon it the phone is automatically, unwillingly, redirecting me to some app download page.
4.) Auto-Redirect to dubious websites in chrome after opening reliable sites like WIKIPEDIA. I was redirected to sites like "Make money really fast" and "hot chick near you wants to f**k you"
These are the steps I tried:
1.) I ran several security scanners. One was saying that the System-App "SYSTEM UI" was malicious, the other one didn't find anything.
2.) I tried to deinstall all non-system apps --> Issue still occured
3.) I did a factory reset --> That fixed the problem for around 1 month but than the issue started again. This time an app called "mobile.de" has been installed without my confirmation.
After the factory reset i did only install from Play Store that are well known and have good ratings or are from trustworthy companies. Those are my Apps:
- Microsoft Outlook
- HEREWeGo (Microsofts Navigation App)
- Calendard Notify
- Deutsche Bahn (app for german public transportation)
- DVB (app for public transportation from the local tram/bus company)
Also if I access the Internet I'm just google things up. I do not watch porn or go to dark web sites or watch illegal streams or other dubious stuff.
As these apps seem all to be trustworthy, I fear the phone has malware preinstalled or that even the Play Store and Chrome App has been manipulated by the manufcatur. Because how can it be that the Play Store App automatically redirects me to a "random" app page just after opening "play Store" directly from the "Apps menu"? In a clean secure Play Store app that should not be possible, right?
At the moment I could resolve the redirecting in the Chrome Browser by going to Play Store --> Chrome --> "UPDATE" (previously i cleared the cache, which was not working). Chrome now seems to load pages faster in general. For me this also seems like an indiciation that Chrome may have been manipulated before. Because a clean secure Chrome App shouldn't redirect my from Wikipedia to a porn flirt chat, right?
I could also find some customer reviews on amazon.co.uk complaining about preinstalled maleware in other Cubot Phones. Some where complaining about "FotaProvider" and "Youtube" as being. Another one complained that the Phone was collecting personal data and sending it to china.
I already contacted the seller to return the phone, but if it is really preinstalled, I think the public should know. Is there a way to find it out? Or does have anyone simular issues?