AdguardTeam / AdguardFilters

AdGuard Content Blocking Filters
https://adguard.com/
GNU General Public License v3.0

mimicromax.com #41592

Closed adguard-bot closed 5 years ago

adguard-bot commented 5 years ago

Issue URL (Ads)

http://mimicromax.com

Comment

Hello.

The electronics manufacturer "Micromax India" has been providing cheap-to-buy devices like mobiles, tablets and mini-laptops powered by Android and a few by Windows. However, the actual price the user pays is allowing Micromax to preinstall rogue adware that consumes heavy data and collects user-specific data to build profiles and bombard them with advertisements. This adware often leads to some webpage in the browser where the user is convinced that their "Device has 47 virus, clean up in 2:30s" (countdown clock) and the user is forced to download some random, fake antimalware (not from Google Play, but from the web) that probably collects more and more data. Sometimes users are even redirected to a phishing page where they claim "Spin the luck wheel, OH You have won IPHONE blablabla give us your name, email ID, city code, address and which bank you use and other data to claim the prize". Just checked via Adguard for Android and it does not block it by default. I had to build a DNS profile rule to make sure no connection is made to the adware C&C server.

Also, the file explorer provided by default is flagged as malicious by various anti-malware security suites like Bitdefender, Kaspersky, Emsisoft, Eset, McAfee, Symantec, GData and Avira.

The Android package names of this preinstalled adware:

  1. "System Update.apk"
     - Package name: com.rock.gota
     - Hash: fefc4608864d5493d749ce6c69293bed8d465e4fee52a82a36dd31604c7ed627
     - VirusTotal: https://www.virustotal.com/gui/file/fefc4608864d5493d749ce6c69293bed8d465e4fee52a82a36dd31604c7ed627/detection

     [Currently detected by 21 antimalware engines at the moment of sending the report to Adguard]

  2. "File Manager.apk"
     - Package name: com.hll.fileexplorer
     - Hash: 28e869576d2d59efd90037c2462509d8eec32c994a467c330826e32a8f18d878
     - VirusTotal: https://www.virustotal.com/gui/file/28e869576d2d59efd90037c2462509d8eec32c994a467c330826e32a8f18d878/detection

And no. These are not false positives. These are fully functional, harmful data-harvesting malware that are identified by more than 20 malware engines on VirusTotal.

Honestly, I could go on and on and on about this company and its malware-laced products. But I'll get down to the point. Here are the domains that I've blocked manually using DNS filters, which I reckon Adguard should block by default via their DNS Protection, since there are millions of Micromax devices active in the market, collecting data and building profiles (probably illegally) and bombarding users' devices with advertisements, harming their battery since they run continuously in the background and consume data, and most of all, these cannot be disabled or uninstalled from the device:

||fotapro.mimicromax.com^
||mimicromax.com^
||in.wzrkt.com^
||around.micromaxinfo.com^

I'm pretty sure there would be more URLs that I missed capturing. Millions of people use products from such companies since they are "cheap to buy". I'm sure the Adguard team will look into this serious data harvesting campaign in India.

Screenshots

Screenshot 1 ![Screenshot 1](https://reports-img.adguard.com/z9GWcXg.png)
Screenshot 2 ![Screenshot 2](https://reports-img.adguard.com/kFkthk4.png)
Screenshot 3 ![Screenshot 3](https://reports-img.adguard.com/bAE63EB.png)

System configuration

| Information | Value |
| --- | --- |
| Platform | Adguard DNS |
| Browser | Chrome |
| Filters | AdGuard Base, AdGuard Tracking Protection, AdGuard Social Media, AdGuard Experimental, AdGuard Mobile Ads, AdGuard Annoyances, EasyList, EasyPrivacy, Fanboy's Annoyances, Fanboy's Social Blocking List, Web Annoyances Ultralist, Peter Lowe's list, Adblock Warning Removal List, Fanboy's Enhanced Tracking List |

Alex-302 commented 5 years ago

wzrkt.com is already blocked. Added

|http$app=com.rock.gota|com.hll.fileexplorer
||ads.go2reach.com^
||mimicromax.com^
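
The `||domain^` rules quoted in this thread block a domain together with all of its subdomains. The following is an added example (not from the issue or from AdGuard's code) that evaluates only that rule form, showing which hostnames the quoted rules cover and which rule is redundant. `cdn.mimicromax.com` and `notmimicromax.com` in the comments are constructed test names, and any rule of another form is returned as skipped rather than interpreted.

```python
import re

# Rules quoted in the report and in the maintainer's reply (from the page).
RULES = """\
||fotapro.mimicromax.com^
||mimicromax.com^
||in.wzrkt.com^
||around.micromaxinfo.com^
||ads.go2reach.com^
|http$app=com.rock.gota|com.hll.fileexplorer
"""

# Assumption: only the plain "||host^" form is handled by this sketch.
_DOMAIN_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^$")


def parse_rules(text):
    """Split rules into (blocked domains, lines this subset cannot evaluate)."""
    domains, skipped = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):  # blank line or list comment
            continue
        m = _DOMAIN_RULE.match(line.lower())
        if m:
            domains.add(m.group(1).strip("."))
        else:
            skipped.append(line)  # e.g. app-scoped rules, not DNS-level
    return domains, skipped


def matching_rule(hostname, domains):
    """Return the blocked domain that covers hostname, or None.

    Each parent suffix is tested on a label boundary, most specific first,
    so cdn.mimicromax.com is covered by mimicromax.com while
    notmimicromax.com is not.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def redundant_rules(domains):
    """Domains whose parent is already blocked by a broader rule in the set."""
    return {d for d in domains
            if "." in d and matching_rule(d.split(".", 1)[1], domains)}
```

Run over the quoted rules, `redundant_rules` reports `fotapro.mimicromax.com`, and `matching_rule("wzrkt.com", ...)` returns `None` because `||in.wzrkt.com^` covers only that subdomain and below.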