TechKnow

Author Topic: [ANDROID APP] CloudKiller: Trojan Removal Android App  (Read 8735 times)

0 Members and 1 Guest are viewing this topic.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
[ANDROID APP] CloudKiller: Trojan Removal Android App
« on: May 21, 2015, 09:07:12 PM »


CloudKiller, trojan removal tool


*screenshot of the registered version with SystemUI fix.

Sadly enough, a lot of tablets are preinstalled with malware, a trojan to be exact. This malware resides deep into the tablet's Android firmware. The trojan is compiled in such way that it is a part of the OS. If removed, the tablet will display a red DEMO text on the screen. If you contact a reseller about this problem, they will tell you to install CloudsService.apk, which connects way too much of your data to cloudsota.com. This tool frees your device of this trojan and removes the demo lock as well. Read more about this trojan in: 2015: Malicious Activities of Chinese Tablets


Changelog:

* tested the scanner fully with various versions of the trojan
* tested the removal with various versions of the trojan
* tested the SD Loading of the SystemUI.apk yet
* Optimized SD card detection for AllWinner/WonderMedia and RockChip based devices
* Includes backup procedure in case anything goes wrong


Requirements:

* root
* busybox (buildin check: longpress "Scan now" to check this requirement)


Usage:

1. Get a Clean SystemUI for your model (all models and Android version listed in the post)
2. Place the clean SystemUI on your SD card together with the CloudKiller (CloudsService removal tool) APK file.
3. Start the tool, press "Help" for detailed instructions, basically you need to remove and deactivate the trojan and replace your SystemUI, then reboot.


1. Download: CloudKiller (com.hch.cloudkiller.20150615.apk) 153KB

Please consider donating to support my projects and hosting:


2. Download Clean SystemUI's:

A13 Clean SystemUI 4.0.3
A13 Clean SystemUI 4.0.4

Download:
Malware.Clean.A13.SystemUIs.for.CloudKiller.rar 1 MB

A20 Clean SystemUI 4.2.2
A23 Clean SystemUI 4.2.2
A23 Clean SystemUI 4.4.2
A31 Clean SystemUI 4.1.1
A31 Clean SystemUI 4.2.2
A31 Clean SystemUI 4.4.2
A31S Clean SystemUI 4.2.2
A31S Clean SystemUI 4.4.2
A31S Clean SystemUI 4.4.2 Alternative
A33 Clean SystemUI 4.4.2
RK3026 Clean SystemUI 4.2
RK3066 Clean SystemUI 4.1.1
RK3188 Clean SystemUI 4.2.2
RK3188 Clean SystemUI 4.4
RK3188 Clean SystemUI 4.4.2
RK3288 Clean SystemUI 4.4.2
WM8850 Clean SystemUI 4.0.3
WM8850 Clean SystemUI 4.0.3 v1.5.1
WM8850 Clean SystemUI 4.1.1

Download:
Malware.Clean.SystemUIs.for.CloudKiller.rar 15 MB

HcH
« Last Edit: July 25, 2017, 09:58:30 AM by HardcoreHacker »

Offline mtwiscool

  • Site Donor
  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
  • Uber-Noobie
Re: CloudKiller: Trojan Removal Android App
« Reply #1 on: May 22, 2015, 02:22:58 PM »
systemui please?
A33 4.4.2 v140D

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: CloudKiller: Trojan Removal Android App
« Reply #2 on: May 22, 2015, 03:04:06 PM »
systemui please?
A33 4.4.2 v140D
Hello mtwiscool,

I'll upload it for you tonight! :-) I'm now @ work, so 3-4 hours and I'm home ;)

Cheers!

HcH

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: CloudKiller: Trojan Removal Android App
« Reply #3 on: May 22, 2015, 03:09:07 PM »
systemui please?
A33 4.4.2 v140D
Hello mtwiscool,

I'll upload it for you tonight! :-) I'm now @ work, so 3-4 hours and I'm home ;)

Cheers!

HcH
Or maybe sooner than that:

Offline trevd

  • Site Donor
  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
  • Uber-Noobie
  • Tablet / Size / Model: V11 A33 10"
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #4 on: March 09, 2016, 01:59:41 PM »
Hi all,
I joined/donated to the site shortly after buying an A33 tablet and discovering the malware. I was pleased to see that somebody somewhere was willing to help with this malware.
I tried cloudkiller and it worked for the most part. After a week the cloudsota signs started popping up again so I would run cloudkiller again. After a while I got frustrated and using root explorer i began to delete the various cloudsota looking apps files. unfortunately I deleted the clean systemUI.apk I installed from here and bricked my tablet.....
Luckily before bricking I had usb debugging enabled and when I connect to my laptop I can see the internal and external memory as hard drives but cannot access them.
A few months past and I've gotten over my disappointment for being so stupid so I would like some assistance if posssible. I understand I will need to push the systemUI though adb. I have a vista laptop and may be able to borrow a win 10 machine if needs be.

I dont know any more after this, any help would be appreciated,

Trev

Offline mamychang

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
  • Uber-Noobie
  • Tablet / Size / Model: A33 tablet
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #5 on: March 10, 2016, 02:05:16 AM »
Hi , I have bricked my A33 v90 (9 inch) by doing exactly the same thing ! I have managed to reinstall the whole firmware using the 'PhoenixUSBpro' software on windows7 (it should work on vista too).
You'll have to find the right firmware , download it and install it using a usb cable.

http   ://mytabletguru.com/allwinner-a33-firmware-and-tool/

A33+V11+10.1    could work for your model


« Last Edit: March 10, 2016, 02:10:32 AM by mamychang »

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #6 on: March 10, 2016, 11:31:00 AM »
Hi , I have bricked my A33 v90 (9 inch) by doing exactly the same thing ! I have managed to reinstall the whole firmware using the 'PhoenixUSBpro' software on windows7 (it should work on vista too).
You'll have to find the right firmware , download it and install it using a usb cable.

http   ://mytabletguru.com/allwinner-a33-firmware-and-tool/

A33+V11+10.1    could work for your model
Hey mamychang,

I'm not sure if I understand your post, what have you tried doing and why did you need to reinstall the firmware?

Thanks for the link!

HcH

Offline godass

  • Site Donor
  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
  • Uber-Noobie
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #7 on: March 20, 2016, 07:56:16 PM »
I did the same thing, halfbrick my tablet after trying to remove the trojan. Something went wrong. Now i got a firmware (not the original) reintalled but wifi and camera are not working. Cannot retrieve to right firmware. I test 5 differents without success. After donate in your site and read almost all the forum, i found no clue on how to fix it.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #8 on: March 21, 2016, 03:51:21 PM »
I did the same thing, halfbrick my tablet after trying to remove the trojan. Something went wrong. Now i got a firmware (not the original) reintalled but wifi and camera are not working. Cannot retrieve to right firmware. I test 5 differents without success. After donate in your site and read almost all the forum, i found no clue on how to fix it.
Hey godass,

thanks for the support.

The Chinese now hide the trojan in the boot img, and I have no modern device to test / develop further on.

For me, it's game over, with no sponsors and just barely enough to pay for the hosting I'm out of the Android game (since 2013, almost 3 years already) I've developed this tool in a attempt to get some extra cash and buy / support new Android devices, but that has failed! The tool works for older devices just fine but now with the new trojan it indeed fails.

I have no idea who else cares about AllWinner and their trojans nowadays.

If you want your donation back that's fine and understandable.

HcH

Offline godass

  • Site Donor
  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
  • Uber-Noobie
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #9 on: March 22, 2016, 02:50:57 AM »
Sorry, my english is terrible, you did a great work and it's not your fault if cheap product come with Trojan. Keep the money, you did a great job. The tablet was for my kid and those ad's was just causing more trouble than pleasure for them, I will throw it to garbage and i'm done with cheap stuff from china.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #10 on: March 22, 2016, 08:46:29 AM »
Sorry, my english is terrible, you did a great work and it's not your fault if cheap product come with Trojan. Keep the money, you did a great job. The tablet was for my kid and those ad's was just causing more trouble than pleasure for them, I will throw it to garbage and i'm done with cheap stuff from china.
Hey godas , estoy también bastante hecho con el material chino barato aquí . Gracias por las amables palabras y muchas gracias por el apoyo que TechKnow puede utilizar realmente bien hoy ! ¡Que tengas un buen día!

(I cheated and used Google translate, I hope it makes some sense hehe)

Hey godas, I'm also quite done with the cheap chinese stuff over here. Thanks for the kind words and thank you very much for the support that TechKnow can really use well today! Have a nice day!

Cheers,

HcH

Offline trevd

  • Site Donor
  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
  • Uber-Noobie
  • Tablet / Size / Model: V11 A33 10"
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #11 on: March 25, 2016, 04:54:24 AM »
@HcH

You're welcome to borrow mine to play around with. I still haven't unbricked it!!

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #12 on: March 25, 2016, 11:01:16 AM »
@HcH

You're welcome to borrow mine to play around with. I still haven't unbricked it!!
That is most kind of you trevd and MUCH apprieciated! But I'm out of the Android game/development and it doesn't look good for the site at the moment as well. I thought the account of TechKnow expired next month but it's actually august, and with this host it's not cheap. The visitors have dropped to about 10 per day :( it's fading away silently I guess.

Offline Leo Javiex

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
  • @LeoJaviex
    • Flickr
  • Tablet / Size / Model: Tagital T10
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #13 on: August 26, 2016, 08:30:52 AM »
In making the "Scan now" yields the following: http://oi63.tinypic.com/svqtj5.jpg. Neither option seems to do something.

The same happens with "Remove Trojan": http://i65.tinypic.com/2ziop76.jpg. Any solution?


Tablet Tagital T10
Build number: bsdr_2155-eng 4.4.2 kvt49L 20150402 test-keys
Firmware: v2.0
« Last Edit: August 26, 2016, 08:43:12 AM by Leo Javiex »

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #14 on: August 26, 2016, 09:03:44 PM »
In making the "Scan now" yields the following: http://oi63.tinypic.com/svqtj5.jpg. Neither option seems to do something.

The same happens with "Remove Trojan": http://i65.tinypic.com/2ziop76.jpg. Any solution?


Tablet Tagital T10
Build number: bsdr_2155-eng 4.4.2 kvt49L 20150402 test-keys
Firmware: v2.0
Hello Leo Javiex,

this might occur when the replacement systemui is missing from your sd card. Though the scanner option should have worked... odd... perhaps they've changed something in these later build. Better manually check for any cloudservice.apk on your device then. If you require more instruction on that let me know.

HcH

Offline Leo Javiex

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
  • @LeoJaviex
    • Flickr
  • Tablet / Size / Model: Tagital T10
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #15 on: August 27, 2016, 06:04:36 AM »
I still can not solve. I do not see the cloudservice.apk activated, could only see the cloudkiller.

Another question, is it normal that in the last aparesca options "4.4" as seen in the images previously shared? Thank you.

Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Re: [ANDROID APP] CloudKiller: Trojan Removal Android App
« Reply #16 on: August 30, 2016, 01:13:40 PM »
I still can not solve. I do not see the cloudservice.apk activated, could only see the cloudkiller.

Another question, is it normal that in the last aparesca options "4.4" as seen in the images previously shared? Thank you.
Sorry I have no idea what you are talking about.