
Luespy malware detected by Malwarebytes

2015-05-22, 19:44 PM

I have a Lenovo S8-50F tablet. It's never been rooted, applications have been installed only from the Play Store.

 

Yesterday Malwarebytes Anti-Malware started to detect Android/Trojan.Spy.Luespy in the file /system/priv-app/LSF-UEService-Pad_RoW.apk. VirusTotal claims that this application package comes from Lenovo.

Is LSF-UEService-Pad_RoW.apk a pre-installed app from Lenovo?

What's its purpose?

Why do ESET and Malwarebytes consider it malicious?

 

 

Additional information:

  • I reset the device to factory settings, installed the Malwarebytes app and the scan detected the same malware again.
  • Question about Luespy was asked before but there is no definitive answer in that thread.

Re: Luespy malware detected by Malwarebytes

2015-05-22, 21:59 PM

Hi chopeen,

It appears to me that LSF-UEService-Phone-4.3.5.9_89_0206.apk is detected by 8/57 anti-virus applications because heuristic detection is used by those few.
http://www.welivesecurity.com/2010/12/29/what-are-heuristics/

 

If I were you, I would add that to your Malwarebytes Exclusions list within MBAM.

If you would like to pursue this you can post at Malwarebytes. I'm sure they will be able to help you with their specific detection.






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.



Re: Luespy malware detected by Malwarebytes

2015-05-22, 22:31 PM
I understand the alert may be a false positive.

But can you confirm there is actually an application by Lenovo called LSF-UEService?

Re: Luespy malware detected by Malwarebytes

2015-05-22, 23:27 PM

I have this too. Malwarebytes found it today whilst scanning.

I have contacted Malwarebytes and am awaiting their response.


Re: Luespy malware detected by Malwarebytes

2015-05-26, 11:26 AM

Here's an explanation from Malwarebytes:

 

https://forums.malwarebytes.org/index.php?/topic/168743-luespy-malware-or-false-positive/?p=965144

 

Thanks for reporting, this looks to be some type of User Experience type app, runs as a service and collects data to report back to Lenovo. It has a EULA the user should have to agree to. We detect because of its tracking and reporting capabilities. If you are concerned about the app as a threat you disable via App settings.

We'll look at the possibility that this is a FP (false positive) and could revise the detection to a PUP (Potentially Unwanted Program) to at least inform users that it is a tracker.


Re: Luespy malware detected by Malwarebytes

2015-05-26, 12:01 PM

Many thanks for your help and assistance. It has put my mind at rest.


Re: Luespy malware detected by Malwarebytes

2015-05-26, 12:10 PM

I presume it is safe enough to add to whitelist? To avoid seeing this when scanning!

Thanks again. 


Re: Luespy malware detected by Malwarebytes

2015-05-26, 13:49 PM

Thank you for the feedback, chopeen.
For now I'd whitelist it, and keep an eye on that discussion at MBAM to see what they decide to do with it.
It's interesting that back in March on the VirusTotal report, MBAM classified that as being ok. If Lenovo did not change anything in an update, MBAM must have changed their detection since then.

Good work, everyone!


Re: Luespy malware detected by Malwarebytes

2015-05-26, 17:28 PM

The Luespy detection was first made by MBAM in my Lenovo A6000, on 22.05.15. The last system update provided by Lenovo was in the first week of March, so this detection was well after the last update. In between I ran MBAM on many days, but it did not detect anything till 22.05.15.

 

I and my friends who have bought the Lenovo A6000 are now at a loss as to what we should be doing, whether we should wait for MBAM to clearly say that it is safe to use the phones and we can ignore the detection, or keep using the phones at the risk of there being a genuine trojan which might create problems for us.

 

As such, we hope that Lenovo reads these entries in their own forum, and informs us definitively what exactly this User Experience app does, and why suddenly MBAM had detected it as a trojan.

 

We feel that Lenovo owes this to their customers such as ourselves, since in the first place we are not informed, before buying such phones, about the existence of such apps in the phones, or what they do.


Re: Luespy malware detected by Malwarebytes

2015-05-28, 12:13 PM

The silence on the part of Lenovo on this issue is unnerving. We presume that they must be reading the posts in these forums.

 

We again look forward to a response from Lenovo on this matter. The issue, to summarize, is whether or not the UE app is a malicious data leakage threat to the users of Lenovo phones, or just a benign conduit for transmitting harmless data to Lenovo for reasons best known to them.
