Hey there, not entirely sure where to post this, hope it fits.
This morning, for the first time ever, my phone (a Huawei P20) showed a malware warning to me. The app ‘Idealo’, a german portal for price comparison, was supposed to be infected with ‘mirai-gx’. I tapped uninstall and began researching.
I consider myself very tech- and IT-savvy, but I lack deeper knowledge of malware.
Apparently, mirai was (is) a worm that primarily infects IoT devices to join them into a bot net. The BSI (german authority for cyber security) states that it resides in volatily memory only, so that a reboot should suffice to get rid of it.
The warning was issued by Huawei’s UI ‘MIUI’ as far as I can tell, not Play Services. I am aware that the latest security patch for my phone is from 2022, I just couldn’t afford to buy a new one up until now.
Some questions that arise:
(1) How can I trust that the information presented by my phones notification is correct? I mean, how would an IoT worm infect an app that was downloaded from the Google Play Store, is that even possible without root access to the phone or accessing the developers Play Store account?
(3) Right now, I’m combing through recent DNS queries in my PiHole log that originated from my phone. How can I tell regular queries from those of a bot net?
(4) What does the -gx suffix even mean? Information on this is very scarce.
(5) Just how bad of an idea is it to use a phone that has already gone two years without patches?
Have you determined what package did the malware notification come from? And what is the engine they use for scanning?
It was certainly the Huawei System UI. How do I tell which engine they’re using?
There must be some clue,
but i don’t know how to find them without seeing the screen.EDIT: The virus scan thing should be part of the “Optimizer” system app. Open that, tap on “virus scan” and look for something at the bottom of the screen like “Powered by X”. Should be Avast anyway.
Yup, is says powered by Avast.