Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware. In what appears to be a false positive, these security alerts warn that "Immediate uninstallation is advised," as the app is now considered high risk, as shown by the alert below from one of BleepingComputer's devices. When users click on the 'View Details' option, the alert warns that the app was detected secretly sending SMS messages. "This app was detected sending SMS privately, enticing users to pay with adult content, downloading/installing apps privately, or stealing private information, which may cause property damage and privacy leakage," reads the security alert details. This issue has been reported by many users on the Google support forums, Reddit, the Huawei forums, and various other Android communities. BleepingComputer contacted Google to determine if a recent app update might have caused the sudden uptick in malware warnings, but a spokesperson said Google Play Protect is not triggering the alert. BleepingComputer has independently verified that these alerts were shown on a Huawei device with Google's core apps pre-installed and no side-loaded apps. Google's explanation does not accurately reflect the types of Android devices impacted by these alerts. BleepingComputer confirmed that these alerts are being shown by the 'Huawei Optimizer' app on Huawei devices. It is unclear what apps are displaying the alerts for Vivo or Honor phones. If you have not side-loaded the Google app on your Huawei, Vivo, or Honor phone, it should be safe to ignore the warning and keep it running. While it is most likely these alerts are false positives, there has been no official comment from the device makers confirming this. A proposed solution for disabling the "False alarm" is to go to Settings > Apps > Optimizer > App Info > Storage > Clear Cache / Clear Data and then reboot your device. If that doesn't work, try to uninstall and reinstall the Huawei Optimizer app. This action should refresh its outdated signature database, eliminating the incorrect false positive warnings. BleepingComputer also contacted Huawei and Vivo for a comment, but we have yet to receive a response from the Chinese smartphone makers. Roid adware apps on Google Play amass two million installs. SpyNote Android malware spreads via fake volcano eruption alerts. Fake 'RedAlert' rocket alert app for Israel installs Android spyware. Roid malware Xenomorph runs new campaign targeting the U.S. Android October security update fixes zero-days exploited in attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000