I recently purchased a Dragon Touch X10 for a family member. Two weeks later, any web browser installed had its homepage redirected to gotoamazing.com . I started looking into the culprit and here’s what I found.The tablet was only two weeks old, so I am unsure whether the browser hijack was pre-installed on the Dragon Touch X10 tablet, or if somehow mobile malware installed it. Several additional apps, mainly power savers, and temperature monitors were installed. I removed those through the apps manager without an issue.
I installed Firefox and Chrome but their homepages were redirected to gotoamazing.com as well within minutes. After reading around the web on how these redirectors get installed, I installed Malwarebytes Mobile and ran a scan. Initially, no problems were detected, but that was prior to rooting the device.
I knew something was still wrong because when I changed the homepage in the browser, it got set back to gotoamazing as soon as it was closed and re-opened. After checking some other forums online for how browsers can get hooked by malware, I found I needed to check out hidden files and pre-installed apps. Couldn’t do it without rooting, so I rooted the device with Kingo , a free one-click root tool and installed a tool I found called Total Commander to view the file system. I reran MalwareBytes on the tablet and it detected two malware objects in the priv-apps system folder. This is the folder that preinstalled apps are placed. One app was QuickSearch and the other was called Xfoto. Since the partition is write-protected, I was unable to delete these apps. Total Commander was able to perform a neat trick that remounts the system partition as read/write and then deletes the protected files. It was able to delete both of them.
I then started looking deeper in the applications manager and found that the Browser app, which looked like the standard Android browser wasn’t the actual native app. It had no entry in the Google Play store. I removed it as well and installed Chrome, which hasn’t been hijacked since.
After talking to others having the same problem on the same device, I’m not recommending the purchase of this tablet. I am starting to think it may have been shipped with the malware already in place. The Dragon Touch X10 is a low cost tablet, but we had installed nothing “sketchy” on the tablet and the APKs were located in a protected operating system folder. There isn’t much that could place the files there unless they were placed when the system was originally configured at the factory. After reading the reviews on Amazon of the same behavior on this tablet, this “malware from the factory” scenario is looking more likely.
The tablet seller also offers perks for reviews on the product. This may be the reason it is rated so well on Amazon’s site. Perks include a case, screen protector and similar accessories. A small note is included in the box at shipping, indicating these spiffs are offered after a review is placed. They did not encourage reviews in one direction or the other, however.
Here are a few reviewers on Amazon that found the same experience.
The Dragon Touch X10 is now nowhere to be found on Amazon