Kaspersky
Question

webinspector (Android OS) detected as Trojan heur:trojan.androidos.boogr.gsh

  • 17 November 2020
  • 11 replies
  • 1311 views

I have an app downloaded called webinspector this app was blocked by kaspersky because it had this trojan in it. I have several apps installed and after ich removed the Webinspector app(i did not open it) i downloaded malwareebytes, bitdefender, sophos mcaffee zone alarm and lookout.

After i ran a scan with lookout they say that FOSS browser (downloaded by the google play store by me) was malware (a trojan) and after that i updated all my apps after that i got a notification that Blokada Slim S was a surveillance app and i should remove it. But both of these Apps are not malicious. What can you do to resolve this and stop the trojan from infection other apps?


11 replies

Userlevel 7
Badge +9

Hello @Tino Wrea

Welcome!

To enable us to test: 

  1. Specifically, which webinspector → there’s many in the Google Play Store; post an image of the app from the Google Play Store please?
  2. Post images of all alerts & blocked apps? 
  3. KIS version?
  4. Android version? 
  5. Is KIS premium/subscription license or free? 
  • We’ve tested FOSS browser, from Google Play Store, android 10, KIS 11.57.4.4190, does not block & or send any alerts.
  • We’ve tested Blokada Slim S, from Google Play Store, android 10, KIS 11.57.4.4190, does not block & or send any alerts.
  • Personal opinion, we don’t like the fact Blokada Slim S, does not work without their VPN:thinking:

 

 

 

 

 

Please post back?

Thank you:pray_tone3:

Flood:whale: +:whale2:

hi Flood and Flood's wife 

1.i send you the pic with the “web inspector (open source)”

  1. unfortunately i can’t send it right now
  2. but there is a pic with blokada marked as surveillance app and also FOSS browser was trojan detected
  3. I’m using

    Kaspersky Internet Security

    4.Yes android

    1. free
    2. and it didn’t detect blokada Slim S normally but after i downloaded web inspector i got a warning first from Lookout (Trojan dectected (FOSS Browser) and after that all antivirus said, that Blokada Slim was a “surveillanceware”.
    3. I think that web inspector open source app had malicious code that infected the other apps.

It was detected heur:trojan.androidos.boogr.gsh

I hope you can help me, if not pls show me how to do factory reset , that is the last thing i want to do but if i have to then i gotta do this. And how do you save important stuff?

and somehow clash of clans (one of my apps is going from 195mb to 801 mb) and im in safe mode.and clash royal is going from 163 to 1.2 gb)

pls help fast

 

all apps are installed from the google play store i forgot to say

 

also on github (the app)

https://github.com/agusibrahim/Android-Web-Inspector/issues/1

https://apt.izzysoft.de/fdroid/index/apk/ai.agusibrahim.xhrlog

 

pls help

 

Userlevel 7
Badge +4

Hello,

Could you provide the app apk file via PM to me?

Regards.

Userlevel 7
Badge +4

pls help

 


Hello,

I have posted a re-analyze request on KL opentip. Waitting for their response now.

Regards.

https://apt.izzysoft.de/fdroid/repo/ai.agusibrahim.xhrlog_1.apk

Be careful it might be a rootkit in android or an worm actually.

And if you’ve analysed it please tell me how to completely remove it from my smartphone at best without factory reset. Now it has 3 avs detected it as malicious.  There is also an apk file with 0,90 mb ((https://github.com/agusibrahim/Android-Web-Inspector/blob/master/WebInspector_ai.apk)without trojan i think) and then that from the play store (1.71 mb https://apt.izzysoft.de/fdroid/repo/ai.agusibrahim.xhrlog_1.apk) and it has the malicious code in it because it cloudn’t download anything from the internet because i have a firewall (Netguard) and the base.apk was detected by kaspersky only.

this is the official website of them https://apt.izzysoft.de/fdroid/index/apk/ai.agusibrahim.xhrlog

and if you click on malware check :passed  it goes to the url:https://www.virustotal.com/gui/file/059a116b57d9d437d6e98c7cb682b85b1fc5c2b2195d1dca7856f45cdad5daf0/detection which is the detected file . I hope you can resolve this issue and help me safe my smartphone

Reply