Help Virus on my Android?

Boudicca

Newbie
Hi,
Yesterday I opened an email (which was clearly spam once I had opened it) on my ZTE Blade V which I believe is on Android Jelly Bean 4.1.
I am kicking myself as I am normally good at spotting these emails but it was from someone who I was expecting a message from and lo and behold it was even addressed to me in the subject box.
It was identical to this (only example I could find of what the email looks like on post number 4, in my case it directed to a fake bbc website about diets):
https://discussions.apple.com/thread/6796278
I have changed my email password but I am really worried that my phone now has some malware installed onto the actual device. My free antivirus has found nothing.
Can anyone advise me on whether I should reset my phone or anything? I'm worried my phone will be dialling expensive phone numbers!!!!
Thanks.
 
It sounds more like someone else's contact list was compromised and your name was in it, or they got your name some other way from a site you visited, or you have a common enough name and it was coincidence.

It's unlikely you're infected.

For peace of mind, a factory data reset can give you a fresh start.

Refer to your user guide. On most phones it's a simple matter; on some it can do more than you want, so read up first.
 
To be honest that sounds like spam rather than a virus: someone spamming a web link and pretending it is something else to get people to click on it would account for everything you have described. You don't say whether it also sent emails to your contacts (which is probably how you got a personalised copy: the friend you received it from probably got one of these). However, these things will most likely work on some systems/apps and not others. I'd check your outbox though, and see whether some of your regular email contacts received this from you.

In any event, there are no viruses for Android at the moment. Malware, yes, but not viruses: the distinction is that a virus is a form of malware that can install itself, as opposed to relying on you to install it. So as long as you didn't see the install dialog, get a notification of an app being installed, or click on anything else, it's very unlikely you were infected. Check your Download folder and see whether any new .apk files have appeared there (though that would only mean that an app was downloaded, not that it was installed).

Changing passwords was a sensible precaution, and I think probably sufficient.
 
Thank you so much for the quick replies! I have checked my sent box and there are no messages sent to all my contacts.
I must point out though that I DID click the WhatsApp "get message" (or whatever it says) link on the email, as I thought my contact had recorded a message (which, like I said, was perfectly plausible as I was expecting contact from them). This link then took me to a fake BBC webpage, hence my concern. There were no notifications of anything being downloaded, however. I have yet to check the download folder. Would this scenario still install malware and would a factory reset still be sufficient?
 
It's relatively easy to download malware onto a device from a website such as the one that mail redirected you to. However, downloading is not the same as installing. If you find an unknown .apk there let us know what it is (we may recognise it, and we're curious about these things) then delete it. Just don't click on it, or if you do, don't agree to install it.

If you are still worried, then a factory reset will remove all installed apps and their data and settings, including any malware.
 
Hi,
I've just installed Malwarebytes and done a scan and it has detected:
android/Trojan.Stesec.a/system/app/SecuritySms.apk
Can anyone please help? This is after I did a factory reset :(
 
Erm, I'm not sure, how would I find that out?
Check your app drawer for an app called superuser or SuperSU.
Or run the app Root Checker
The only way there could be a malware app installed after a factory reset is if the phone has been rooted and it's been installed as a system app
 
Check your app drawer for an app called superuser or SuperSU.
Or run the app Root Checker
The only way there could be a malware app installed after a factory reset is if the phone has been rooted and it's been installed as a system app
And - did you buy the phone new in the box from a store, the carrier, or ZTE? (Not eBay ok.)
 
I bought the phone new from my mobile provider but I did have to send it to them to check the camera as at the time it wasn't working. That is obviously a different issue but is the only time it has been out of my hands.
Checking my "all apps" in my settings, there is no mention of super user or SuperSU.
Am I looking to be in the clear?!
Thanks for all your help!
 
Normally, we would assert that any factory installed software, such as found in /system/app, would not be malicious and could not become malicious unless modified by a user who has rooted their phone.

So with the help of Google, I questioned that assumption and was surprised to find http://www.cs.cuhk.hk/~cslui/PUBLICATION/ASIACCS2014DROIDRAY.pdf

DroidRay: A Security Evaluation System for Customized Android Firmwares

Min Zheng, Mingshen Sun, John C.S. Lui
Computer Science & Engineering Department
The Chinese University of Hong Kong

It's a scholarly examination of the assumption with a survey of devices and software.

They concluded in no uncertain terms that your phone was shipped with malicious software right from ZTE.

Rooting is the same thing as administrator access on your PC.

If I were you, I would read that article in its entirety, see if you agree with my reading, and if so, see if you can root your phone. If so, you can proceed to freeze the app in question (make it not runnable and therefore harmless) and replace it with something else.

You can also begin by checking under settings, Apps, All, find it and see if it will let you disable it without rooting.
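
An added example, not part of any post in this thread: the replies above turn on the fact that a factory reset wipes user-installed apps under /data but leaves APKs on the firmware partition (such as /system/app) in place. The sketch below sorts the output of `adb shell pm list packages -f` by install location and checks where a flagged APK lives. The sample output is constructed, and the package name shown for SecuritySms.apk is a placeholder because the thread never states it.

```python
# Constructed sample of `adb shell pm list packages -f` output (not from the thread).
# The package name next to SecuritySms.apk is a placeholder; the thread never gives it.
SAMPLE_PM_OUTPUT = """\
package:/system/app/SecuritySms.apk=com.example.placeholder.securitysms
package:/system/app/Settings.apk=com.android.settings
package:/data/app/org.example.scanner-1.apk=org.example.scanner

package:/data/app/org.example.game-2.apk=org.example.game
"""

# Firmware partitions are not wiped by a factory reset; /data is.
FIRMWARE_PREFIXES = ("/system/", "/vendor/")


def parse_pm_list(text):
    """Parse `pm list packages -f` lines into (apk_path, package) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue  # skip blank lines and unrelated shell output
        # Split on the last '=': paths on newer Android versions can contain '='.
        path, package = line[len("package:"):].rsplit("=", 1)
        entries.append((path, package))
    return entries


def survives_factory_reset(apk_path):
    """True when the APK sits on a partition a factory reset leaves alone."""
    return apk_path.startswith(FIRMWARE_PREFIXES)


def triage(text, flagged_apk_path):
    """Group packages by location and report on the APK a scanner flagged."""
    firmware, user, flagged = [], [], None
    for path, package in parse_pm_list(text):
        keeps = survives_factory_reset(path)
        (firmware if keeps else user).append(package)
        if path == flagged_apk_path:
            flagged = {"package": package, "survives_reset": keeps}
    return {"firmware": firmware, "user": user, "flagged": flagged}


if __name__ == "__main__":
    report = triage(SAMPLE_PM_OUTPUT, "/system/app/SecuritySms.apk")
    print("Removed by a factory reset:", report["user"])
    print("Still present after a reset:", report["firmware"])
    print("Flagged APK:", report["flagged"])
```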
 
Just out of interest, if I was to buy another more up to date Android phone and I put my current SIM into the new phone, would the SIM have this malware or is it only on the phone? Same with the SD card?
I'm thinking upgrade time but not if the SIM and SD card will "infect" a new Android!
 
Your sim will be fine and if Malwarebytes found nothing on your SD card, it's fine too.

The malicious nature of what you have allows it to send texts and make phone calls without your knowledge. It's not identified as something that propagates and spreads.
 