I have a new Pipo P1 tablet with Android 4.4.2 and the much (overly?) vaunted RK3288 chip. I used it last night as an e-reader. Afterwards, I opened the browser, which loads the last URL (http://www.jw.org - as squeaky clean a website as they come).
I typed in something innocuous - google, I think, and was redirected through zh.zerodirect1.com to this (long) url:
http://www.google-playstore.com/zero...__var5..DOMAIN
The screen is attached as a jpeg. It bothers me how nearly I went for it! It seemed forceful for Google's way of expressing things (more like m$). I started checking:
* No updates from "Settings / About Tablet / Check for Updates".
* No CVE number referred to in the text (as I might expect).
* The phrase "kill your phone's internet speed" is bad grammar.
* Hitting the back button allowed me to see the zh.zerodirect1.com url.
* The playstore is actually play.google.com, not google-playstore.com.
* No similar behaviour on another Android system.
* Once I decided to ask, and saw the whole url, the whole thing became obvious. My next move is to look for a rootkit checker in the play store.
NOW MY QUESTION: Where the <expletive deleted> did that come from? Is there a rootkit fitted as from new?
My only apps are all known apps used previously on another tablet without issue. The only odd thing is an app totally in Chinese, which came with the tablet. I mean to get a Chinese speaker to explain it to me.
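
The play.google.com versus google-playstore.com comparison from the list above, written as a hostname check. This is an added example, not part of the original post: it shows why matching on the brand name alone passes the lookalike while a domain-suffix match rejects it. The function names, the `TRUSTED_DOMAINS` set, the URL paths and the `example.net` host are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the reader actually trusts.
TRUSTED_DOMAINS = {"google.com"}


def hostname_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def naive_check(url, brand="google"):
    """Weak check: passes any URL whose host merely contains the brand name."""
    return brand in hostname_of(url)


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """Strict check: host must equal a trusted domain or be a subdomain of it."""
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(url):
    """Label a URL 'trusted', 'lookalike' (brand in host, wrong domain) or 'unrelated'."""
    if is_trusted(url):
        return "trusted"
    return "lookalike" if naive_check(url) else "unrelated"


# Hosts are the ones named in the post unless marked; all paths are constructed.
SAMPLES = [
    "https://play.google.com/store",
    "http://www.google-playstore.com/constructed-path",
    "http://zh.zerodirect1.com/constructed-path",
    "http://play.google.com.example.net/constructed-path",  # constructed host
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):10} {hostname_of(u):30} {u}")
```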