Comment on Malware warning on my phone (mirai-gx)
skullgiver@popplesburger.hilciferous.nl 1 week ago
Standard Mirai will target devices like routers and cameras. It won’t infect phones. If someone took Mirai and packaged it into an Android app (either because you downloaded a scam app or because the supply chain for the app was compromised), the Android sandbox should protect your phone. If all is well, removing the app should be enough to clear the infection. If that doesn’t work, the malware obtained root credentials and cleaning it will require a factory reset or even a factory reset + complete reinstallation of the system (basically, useless unless you’re knowledgeable in Android modding).
My recommendation would be scanning the phone using a bunch of antivirus tools (starting with Google’s and MIUI’s) to see if the infection is still there. If you don’t trust it, back up the phone and factory reset it. Be especially wary of banking apps, logging in to important websites through browsers, and any government ID apps you may use. As always, SMS 2FA should also be treated with caution.
As for your questions:
- Notifications can be faked. Hold the notification and click the settings icon to go to the app’s settings, that can’t be faked. If it brings you to a system package, it’s probably legit. Several Chinese smartphone companies have malware scanning from companies like Avast integrated into them.
It’s possible that the notification was a false positive. Virus scanners can be wrong sometimes. Try scanning your phone with Google’s antivirus or any other reputable antivirus app on Google Play.
- It happens quite often that some malware company sells “advertising” to a small app which actually contains malware. Or a dependency of the Android app got compromised. Google Play’s malware scanning doesn’t catch all malware, unfortunately.
An app that was not packaged with your phone cannot infect another without root access. However, malware can exploit unpatched vulnerabilities in your phone to gain root access, so if you haven’t downloaded any OS security updates the past 2-3 months, there’s a good chance your phone is quite easy to get root access on if a hacker knows about it.
Given that Huawei has been banned from Google Play for longer than they normally serve security updates for their phones, my guess is that you’re probably quite behind. Last security update I can find for your phone was 2.5 years ago. You may be able to find custom ROMs to install on your phone that are more up to date in regards to security stuff (though those bring their own risks, of course).
- Hard to say. Mirai also works with plain IP addresses, so if this mirai-gx is the same, you may not see any evidence of it in your DNS logs. Or it could just hard-code a DNS server, that’d also hide the DNS traffic from pihole.
- It’s a name chosen by an antivirus company. There’s usually no explaining those. From what I can find online, it’s a dropper binary that will download other malware, rather than the normal Mirai, but there’s not a lot to be found about it online.
- No problem at all if you don’t get infected. Not a problem at all if you don’t do anything important with it. Probably fine if you reset the phone and the infection clears. Life-changing if you get infected and hackers start opening bank accounts using information from your email accounts to launder money through phone scams.
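A defender-side check that follows from the DNS point in the comment above, added here as an example and not part of the original post: a device that hard-codes its own resolver never shows up in Pi-hole's query log, but the router or firewall log still records the traffic. The snippet below flags DNS-port flows that skip the local resolver; the key=value log format and every address in it are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in a simple key=value firewall-log style (not any real
# product's format). One client talks to the local Pi-hole at 192.168.1.2, and also
# sends DNS straight to external resolvers, which Pi-hole would never log.
SAMPLE_LOG = """\
ts=1 src=192.168.1.23 dst=192.168.1.2 proto=UDP dport=53
ts=2 src=192.168.1.23 dst=203.0.113.10 proto=TCP dport=443
ts=3 src=192.168.1.23 dst=8.8.8.8 proto=UDP dport=53
ts=4 src=192.168.1.23 dst=1.1.1.1 proto=TCP dport=853
ts=5 src=192.168.1.40 dst=192.168.1.2 proto=UDP dport=53
ts=6 src=192.168.1.23 dst=8.8.8.8 proto=UDP dport=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")
DNS_PORTS = {53, 853}  # plain DNS and DNS-over-TLS


def parse_line(line):
    """Turn one key=value log line into a dict; None for blank or unparseable lines."""
    fields = dict(FIELD.findall(line))
    if not {"src", "dst", "dport"}.issubset(fields):
        return None
    fields["dport"] = int(fields["dport"])
    return fields


def find_dns_bypass(log_text, resolver_ip):
    """Count DNS-port flows per (client, destination, port) that bypass resolver_ip.

    A client that only ever talks to the local resolver on port 53 produces no hits;
    anything returned is resolver traffic Pi-hole cannot have logged and is worth a look.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in DNS_PORTS:
            continue
        if rec["dst"] != resolver_ip:
            hits[(rec["src"], rec["dst"], rec["dport"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (src, dst, port), n in find_dns_bypass(SAMPLE_LOG, "192.168.1.2").items():
        print(f"{src} -> {dst}:{port} x{n}")
```

Traffic to hard-coded plain IP addresses on other ports is still invisible to this check; pairing it with a per-client list of new external destinations covers that case.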