Cedric Beust: Malware on my Android phone!

Gandalf_The_Grey

I have a confession to make that I’m not very proud of: recently, I unwittingly installed malware on my Android phone. As one of the early members of the Android team and someone who’s been using Android for about thirteen years, this was a pretty humbling and irritating event. This is what happened.

I remember how it started: I unlocked my phone and two accidental clicks led me to agree to a dialog that my brain immediately registered as suspicious. But I had other things on my mind at the time so I paid it no mind and moved on.

The next day, I picked up my phone and when I launched Chrome, I immediately noticed it was displaying a spammy URL. What’s worse: there were over ten tabs displaying similar URLs which I was certainly not visiting before going to bed. This is when I realized what had happened.

Conclusions and suggestions

  • Listing the apps installed on my phone should give me the option to sort them by “Latest installed”. I am pretty sure that if I had had this option and I had seen a QR Code Scanner installed just a few days ago, it would have immediately grabbed my attention. As it is, the way Android lists the installed apps is pretty useless for this purpose.
  • MalwareBytes was completely useless and I immediately uninstalled it when I realized this fact. The problem is that it was probably just looking for malware code signatures inside the packages instead of just looking at which apps I had installed.
  • Google Play Protect was also completely unhelpful, which was a big disappointment. First because Google certainly knows which applications they removed from their store for malware reasons, but even so, I would expect Google Play Protect to at least flag any app it finds on my phone that is not on their store. Such an app is not necessarily malware, but it should certainly be flagged.
  • Google Play Protect could also do some behavior profiling to analyze what apps are doing in the background. A service launching recurring VIEW intents on web sites in the background should have raised a flag to the system.
This man worked for the Android team at Google:
Read the full article here on his blog:
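
The first and third suggestions in the quoted post can be approximated from a workstation. The following is an added example, not code from Cedric Beust's post or from Android: it parses `adb shell dumpsys package packages` output, lists user-installed apps newest first, and marks those whose recorded installer is not Google Play. The sample dump, its package names and dates are constructed, and the field layout is assumed to match the sample.

```python
import re
from datetime import datetime
# Constructed sample in the layout of `adb shell dumpsys package packages` (names and dates invented).
SAMPLE_DUMP = """\
Packages:
  Package [com.android.settings] (1a2b3c4):
    flags=[ SYSTEM HAS_CODE ]
    firstInstallTime=2009-01-01 00:00:00
    installerPackageName=null
  Package [com.example.notes] (5d6e7f8):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    firstInstallTime=2021-03-14 09:12:44
    installerPackageName=com.android.vending
  Package [com.example.qrscanner] (9a0b1c2):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    firstInstallTime=2021-11-02 23:41:07
    installerPackageName=null
"""

PLAY_STORE = "com.android.vending"
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FIELD_RE = re.compile(r"^\s*(flags|pkgFlags|firstInstallTime|installerPackageName)=(.*)$")

def parse_packages(dump):
    """Return one dict per package with its install time, installer and system flag."""
    apps, current = [], None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = {"name": m.group(1), "installed": None, "installer": None, "system": False}
            apps.append(current)
        elif current is not None and (m := FIELD_RE.match(line)):
            key, value = m.group(1), m.group(2).strip()
            if key in ("flags", "pkgFlags"):  # older releases print pkgFlags=
                current["system"] = "SYSTEM" in value.strip("[] ").split()
            elif key == "firstInstallTime":
                current["installed"] = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
            elif value != "null":  # only installerPackageName is left
                current["installer"] = value
    return apps

def latest_installed(dump):
    """User-installed apps, newest first, each marked if the installer is not Google Play."""
    user_apps = [a for a in parse_packages(dump) if not a["system"] and a["installed"]]
    user_apps.sort(key=lambda a: a["installed"], reverse=True)
    return [(a["name"], a["installed"], a["installer"] != PLAY_STORE) for a in user_apps]

if __name__ == "__main__":
    for name, when, not_play in latest_installed(SAMPLE_DUMP):
        print(f"{when}  {name}{'  <-- not installed by Google Play' if not_play else ''}")
```

The installer field only records which app performed the install, so a mark means "sideloaded or installed by another app", not "malicious", and an unmarked app may since have been removed from the store.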
 

upnorth

Yeah that could very well do the trick, but raised an eyebrow when I saw this:
Updated 13 July 2012
 
