I recently ran into the same issue. The malware passes to anyone your text or call. Basically everyone in your contact list. I installed Android Studio, disconnected internet and connected the phone to find the same issue. There are 2 folders that show as 1969 date and 80% of the others appear as 2008. It definitively effects bluetooth and will effect windows media services. It will connect the phone to your laptop and television, then spread out to any other devices such as windows machines, adding media devices for the television, phone and effected laptop. In fact, it loaded 9 duplicated phone devices.
I ran a test while my android was plugged into a windows 10 machine running android studio. First, I disconnected my network cable, disabled wifi and bluetooth and was able to copy the affected files off of the device. Those file included altered dates such as 1969 and 2008. Under the "proc" folder it creates over 1000 subfolders ranging from 1 - 1026 or highter.
The interesting aspect is when I plugged the network cable back into the windows maching running Android Studio, the machine froze, so I unplugged my Android phone for about 1 minute before reconnecting. Once reconnected, the files had reverted back to a 2023 date.
Luckily, I ran the same test the next day, and there it was.... All the folders were mis-dated and the "proc" folder had 1000 sub directories.
I can confirm that this malware will spread to every new number that you add to your contacts and text. I tested this several times and it is a 100% confirmation. What this means is that even if you get a new phone or number, you'd most likely be reinfected because the people you contact most often have now been affected and will pass the malware back to you.
I can also confirm, that anything you connect to via bluetooth such as your laptop, television or xbox will also be affected. If you're not aware, it is very challenging to turn off all NFC and Bluetooth on an Android. You have to root the phone and know what you're doing. From there, you'll have to manually block all reference to Bluetooth. The only way that I've found that works, is to only use Cellular, disengage all bluetooth, wifi, casting, NFC or similar. From there, keep the device off of in airplane mode when not in use.
Even with those measures, the malware works on a schedule and will attempt to use the speakers or connect online whenever it gets a chance.
This looks like an APT model and is very effective and spreading to other devices very quickly.
The next item that helped was to change the router config and setting it to the highest security, turning off all MoCa and other protocols, blocking all connections from devices in your home network, and/or segmenting all home media devices like xbox or similar onto it's own separate network.
Bluetooth and 2.4 wifi run in the same range, so if you can segment those devices to 2.4, block all unnecessary port access and run your other devices on 5Ghz after disabling wifi and bluetooth, you can prevent those devices from reaching your phone or laptop. It's a super pain and you bascially have to sanitize every device in your home. reconfigure your network, activate logging and network monitoring, and it's still not 100%.
I was able to find references by running a simple "netstat" command on an affecting windows machine. With no programs running, you'll see 3 connection types that are normally overlooked. These include aws cloud services, Akamai Cloud Services and microsoft cloud services. This malware is connecting to cloud services and this is likely a command and control server connection which exfiltrates or loads additional malware on your device.
I would recommend reporting this to law enforcement, but they are pretty useless in this regard. You can research through MitreAttack and see if you can identify the apt or toolsets that match. From there, establish contact with security engineers that have documented such attacks, or document your own APT model yourself through Mitre.
Bascially, you're optons are to find attribution and then switch your approach to an offense counter measure. You can report the AWS accounts to amazon, and other cloud services and any URL's you find in the process, report them and block them. The biggest challenge is how to santize all of the devices that this has spread to. In my case, I documented every aspect and reported each to the appropriate provider such as Google, Microsoft and Amazon. Even after all of that, you're not in the clear. You have to continue to maintain a strong defense which can be challenging for your friends and family members. You have to make sure that they too are aware of the problem and will follow good practices concerning leaving their wifi and bluetooth open and exposed.
