hcnk.uedfd.com

Factory-installed Trojan/Adware on generic MediaTek device (Stratus C8) - Need advanced debloat help (No PC available) Hi everyone, I’m dealing with a persistent, factory-installed adware/trojan embedded directly into the firmware of a generic MediaTek phone (Stratus C8 running Android). The malware triggers full-screen popups and aggressive browser hijacking. For example, while using apps like TikTok, it randomly forces automatic redirects to adult spam, fake rewards, and predatory affiliate dating websites. What I have found and done so far: The Culprit App: I previously caught and disabled a package named com.example.adingtest using ADB/Canta, which temporarily stopped some ads. But the behavior is back, meaning there is a secondary or hidden package acting as a backup injector. Network Traffic: I’ve been monitoring connections via NextDNS and PCAPdroid. The malware uses a DGA (Domain Generation Algorithm) or constantly rotates C2/ad domains. I’ve caught and blocked requests to domains like [hcnk.uedfd.com](http://hcnk.uedfd.com) (and its variations), but they just spin up new domains faster than I can blacklist them. Current Tools: I do not have a PC right now, so flashing a clean stock ROM or using SP Flash Tool is out of the question. I am currently using Canta + Shizuku directly on the device to disable/uninstall system packages. My Question: Since the adware is running from a system-level process (likely injected into the SystemUI, framework-res, or a MediaTek background service), what specific hidden MTK or generic packages should I look for to safely disable via Canta without bootlooping the phone? If anyone has a list of known malicious stub apps for these types of budget phone firmwares, or any method to pinpoint exactly which package is calling the WebView redirect while TikTok is open, I would highly appreciate it! Thanks in advance!

[Help] Factory-installed Trojan/Adware on generic MediaTek device (Stratus C8) - Need advanced debloat help (No PC available) Hi everyone,[hcnk.uedfd.com](http://hcnk.uedfd.com) (and its variations), but they just spin up new domains faster than I can blacklist them.