
Help, I messed up and pressed a malicious system update

migs_k

Lurker
I messed up and pressed a malicious system update.

I believe it was already on its last update when I first bought it last year:
https://www.sammobile.com/samsung/galaxy-a01/firmware/SM-A015F/XTC/download/A015FXXS3ATL1/1038807/

But since I was ignorant of what the last or latest update versions were, I stupidly pressed on this "software update" that I got notified about.

How do I remove this unknown intrusion? I have already factory reset before, but I believe this one infected system files.

This phone is also not rooted, so I don't have a lot of options to consider.
 
More like I got a notification and stupidly pressed it.

My dev mode was on, and USB debugging, because I was transferring files to PC.
 
We may be better able to help you if you can tell us why you think that this update was bogus.

Tell us what behavior your device is exhibiting that makes you believe that the update was malicious.
 
It used to have permanent open ports (did port scanning ports); I never dabbled in those.

------
My PC firewall detected a port scanning attack coming from the same IP as my phone (not related to the above; I was busy in a Google Meet session during this time).

-----
I became suspicious that my PC had 3 running duplicate processes related to Bitdefender.

After closing one of them (all three of them closed, then a same-named process opened), Bitdefender immediately detected MITM attacks and blocked them (as if these processes were preventing detection of MITM).
 
Anyway, is there a step-by-step guide to completely reset my phone back to how it was brand new? Firmware, systems, backups, etc.
 
It's unlikely that any malware could infect system files in Android 10 on an unrooted device - the sort of exploits that used to be used for that were closed years ago (the reason why all of those "one click root" tools stopped working - they used the same exploits that the malware did). So if you've done a reset that probably covers it, as long as you don't reinstall it (e.g. restoring a backup that includes the malware).

If you want to be safe, go to Sammobile.com and download the latest firmware for your model and reflash the phone. I'm not a Samsung user so can't give a step-by-step for that, but I'm sure Sammobile can. Reinstalling the stock firmware will overwrite your system files, so any modifications will be toasted.
 
What if it wasn't a firmware update and it just "shows" that it is?
That is not possible. In order for that to happen, your phone would have to be rooted to gain access to your system files and be able to read and write to the partition where the OS is... So unless your phone is rooted, this cannot happen.
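
Both replies above rest on the phone still being a locked, unrooted stock build. As an added example (not part of any post in this thread), this script checks that from the output of `adb shell getprop`, read over the USB debugging connection the original poster mentions. The property names are standard Android ones; reading the Samsung firmware build from `ro.build.version.incremental` is an assumption.

```python
import re
import sys

# Firmware build named in the link in the first post.
EXPECTED_BUILD = "A015FXXS3ATL1"

# Values a locked, unrooted retail image normally reports (standard Android properties).
STOCK = {
    "ro.boot.verifiedbootstate": "green",  # boot chain verified against the OEM key
    "ro.build.tags": "release-keys",       # "test-keys" indicates a non-release build
    "ro.build.type": "user",               # "userdebug"/"eng" builds allow root shells
    "ro.debuggable": "0",
}

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn `adb shell getprop` output ("[key]: [value]" per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(props, expected_build=EXPECTED_BUILD):
    """Return a list of deviations from a stock image; an empty list means none."""
    findings = []
    for key, want in STOCK.items():
        got = props.get(key)
        if got is None:
            findings.append(f"{key}: not reported")
        elif got != want:
            findings.append(f"{key}: {got!r}, expected {want!r}")
    # Assumption: Samsung reports the firmware build in this property.
    # A different value can also be a newer official build, so treat it as
    # something to look up, not as proof of tampering.
    build = props.get("ro.build.version.incremental")
    if build != expected_build:
        findings.append(f"build is {build!r}, not {expected_build!r}")
    return findings

# Constructed sample input: what an untouched device would be expected to print.
SAMPLE = "\n".join(f"[{k}]: [{v}]" for k, v in {**STOCK, "ro.build.version.incremental": EXPECTED_BUILD}.items())

if __name__ == "__main__":  # usage: adb shell getprop | python3 check_props.py
    for finding in assess(parse_getprop(sys.stdin.read())) or ["no deviations found"]:
        print(finding)
```
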
 
My phone had its Wi-Fi turned off; it was connected to the PC with dev mode and USB debugging.

It was trying to "download" an update, but with no internet it was just trying to connect.

What does that mean?
 