Hi, I have an installed APK that is being flagged as having trojan Android/GinMaster.c!n on an x86-based Android device running McAfee Mobile Security.
When I copy the APK to an SD card and test on an ARM device, the trojan reports no virus detected. Of course, I did not install the APK on this device.
I'm not aware of any place to upload an Android vector for McAfee to evaluate. Can someone please point me in the right direction to analyze if this file is infected, and how to possibly regress if this is a false positive or not. Thanks.
Wiped the device, reinstalled false positive, McAfee now declares virus free on the x86 device.
I'm thinking McAfee is not yet tested/certified on x86 devices, as it crashes a lot. I downloaded it on my RAZR i (Intel Medfield phone by Motorola) from the Amazon Appstore.
Perhaps McAfee may want to flag the app as incompatible for x86 on Amazon or add an install check on the APK until it is tested further for the architecture.
Regardless, I'm off to go change all the passwords that I fed the device... can't be 100% sure it wasn't contaminated somehow with an unknown exploit. Sigh...
Not sure if they read this section so best to report this to Technical Support if you want to. It's a free phone call or online chat and linked under Useful Links at the top of this page.
It's not free. It takes time (and effort) to do things in duplicate/triplicate. McAfee darn well better be reading their own forums.
Message was edited by: christopherprice on 2/20/13 8:44:37 AM CST
The forums are mainly peer-to-peer support. Rarely a technician or developer will look in, and for that we can only hope they do.
What is this x86 device? x86 usually refers to a Windows installation.
Message was edited by: Ex_Brit on 20/02/13 10:30:24 EST AM
I'll leave it at this: if your forum (like the Mobile Products forum) is only getting a few posts per week, it's a common industry practice to make sure it's read by someone on the team.
Message was edited by: christopherprice on 2/20/13 9:14:36 AM CST
It's not my forum as I'm only a volunteer here but I'll send an email to someone at McAfee to see if I can get a mobile person to look in.
The time taken typing here could have been well spent with Support, but then that's just my thought on the matter.
I can't promise anything but I'll try.
Thank you for posting your concerns about the validity of this file. Outside of our McAfee Labs team, we (Support) treat any detection as malware until given the all clear. I think the fact that there was a specific detection should be a red flag, and you have made a good decision to not take a chance installing it.
I have emailed the team asking if you can use the standard process in the link above. One thing you might also try is submitting it to www.virustotal.com and replying back with the MD5 hash or test results URL. This will also show you if other AV companies are flagging the file.
Here's the hash: 07e76dce4cbbee20df20e94284c3f6bbf2c25ac10b4523b48d3c85da5041cfcb
Part of the problem with Android malware is that an APK runs in an altered state on the device. But, my expectation is that it's a false positive since re-scanning the file after reinstalling McAfee reports no infection. This application was supplied by Google, so it is not likely it was infected.
My main concern is that bugs in the scanning process on McAfee when on an x86 Android device might be triggering false positives, simply based on the number of force close errors I encountered when looking at the logs. If McAfee has been tested/approved for x86 devices, I'd be happy to regress further with McAfee, if not I'd suggest simply flagging on Amazon/GooglePlay that the Android version of McAfee Mobile Security is not yet x86-compatible.