Organizational: This has already been discussed in this general thread: http://forum.xda-developers.com/show...746900&page=33

But there it goes out of sight very quickly so we should use this new thread to discuss security concerns with Jiayu ROMs in general.

I will update the thread title as soon as other models are reported to have it, too (that is likely).

I will also update the title if we find it is a false alarm (which I stopped to hope).

Any suggestions to improve this posting, or to move it to a better forum, are very appreciated.

It would be nice, if everyone could try not to clutter this thread with unnecessary things. For example, if you have suggestions what I should edit here, better contact me directly, instead of posting a reply that becomes obsolete quickly.



fonts 6.26

com.lovelyfonts

lovelyfonts_vanzo_noicon_6.26.apk

http://www.avgthreatlabs.com/android...m.lovelyfonts/

https://www.virustotal.com/en/file/9...1185/analysis/



Unlock 2.144

com.yunlan.syslockmarket

SysMarket_92_NoIcon.apk

https://www.virustotal.com/en/file/4...6940/analysis/



Maybe one of them seems to download a third one and does it again if I delete it, which is clearly malicious behavior:



com.skymobi.pay.plugin 2.0.0.6

placed here: /storage/sdcard0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_V2006.apk 174.95 KB

http://www.avgthreatlabs.com/android...gin_v2006.apk/

https://www.virustotal.com/en/file/3...be0a/analysis/



Hi all Jiayu users,a recent stock ROM and many custom ROMs based on it, have been reported to have at least 2 trojans integrated.I've downloaded G4S-20140609-211642-SD.rar and G4SL-20140618-194209-SD.rar from needrom and verified the following facts myself. I did not test the stock ROMs, but in the general thread others reported that they have it, too. I don't know if they really came from an official source. April ROMs seem not to have it.Many trustworthy virus/malware scanners detect trojans in system/app/ - see a list of reports in the virustotal links:I was able to delete both apps using Titanium Backup. Everything still works and the third app didn't come back anymore.After deletion of the "fonts" app, without reboot, a chinese menu entry appears under settings/display. It translates to "font settings" and crashes when tapped. Maybe that's interesting.Both apps caused wakelocks, consumed battery and sent data to the internet. They have lots of rights, and their names alone are suspicious.Other Jiayu users with ROMs of May or June should check for these apps, too. Please report your results here. You can extract the ROM file on your PC and scan it with a virus scanner, or submit above apk files to virustotal or other online services.Or, on your device, check for existence of the "fonts" and "Unlock" apps. You can do so under Settings/Apps, or in Titanium Backup, or Wakelockdetector and so on.-Alex