Hey there, not entirely sure where to post this, hope it fits.

This morning, for the first time ever, my phone (a Huawei P20) showed a malware warning to me. The app ‘Idealo’, a German portal for price comparison, was supposed to be infected with ‘mirai-gx’. I tapped uninstall and began researching.

I consider myself very tech- and IT-savvy, but I lack deeper knowledge of malware.

Apparently, mirai was (is) a worm that primarily infects IoT devices to join them into a botnet. The BSI (German authority for cyber security) states that it resides in volatile memory only, so that a reboot should suffice to get rid of it.

The warning was issued by Huawei’s UI ‘MIUI’ as far as I can tell, not Play Services. I am aware that the latest security patch for my phone is from 2022, I just couldn’t afford to buy a new one up until now.

Some questions that arise:

(1) How can I trust that the information presented by my phone’s notification is correct? I mean, how would an IoT worm infect an app that was downloaded from the Google Play Store? Is that even possible without root access to the phone or access to the developer’s Play Store account?

(3) Right now, I’m combing through recent DNS queries in my PiHole log that originated from my phone. How can I tell regular queries from those of a botnet?

(4) What does the -gx suffix even mean? Information on this is very scarce.

(5) Just how bad of an idea is it to use a phone that has already gone two years without patches?
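For question (3), here is an added example (not from the original post) of one triage pass over Pi-hole’s dnsmasq-style log: it keeps only the queries from the phone’s address, counts hits per domain, and flags names whose left-most label looks machine-generated (high entropy, almost no vowels), which is one common signal of algorithmically generated command-and-control domains. The log lines and the client address 192.168.1.42 are constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed sample of Pi-hole's dnsmasq-style log lines (/var/log/pihole.log).
# 192.168.1.42 is assumed to be the phone; 192.168.1.17 is another LAN client.
SAMPLE_LOG = """\
Mar 10 08:15:01 dnsmasq[812]: query[A] www.idealo.de from 192.168.1.42
Mar 10 08:15:01 dnsmasq[812]: forwarded www.idealo.de to 9.9.9.9
Mar 10 08:15:02 dnsmasq[812]: query[AAAA] www.idealo.de from 192.168.1.42
Mar 10 08:15:03 dnsmasq[812]: query[A] connectivitycheck.gstatic.com from 192.168.1.42
Mar 10 08:15:09 dnsmasq[812]: query[A] xk2q9vz7pl.example from 192.168.1.42
Mar 10 08:15:09 dnsmasq[812]: query[A] b3t7mq0wrx.example from 192.168.1.42
Mar 10 08:15:10 dnsmasq[812]: query[A] www.idealo.de from 192.168.1.17
"""

# Matches only "query[TYPE] name from client" lines; forwarded/reply/cached lines are skipped.
QUERY_RE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+: query\[(\w+)\] (\S+) from (\S+)$")


def parse_queries(log_text, client_ip):
    """Yield (qtype, domain) for every query line issued by client_ip."""
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group(3) == client_ip:
            yield m.group(1), m.group(2).lower()


def label_entropy(label):
    """Shannon entropy in bits per character; random-looking strings score high."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def vowel_ratio(label):
    """Share of vowels; pronounceable (human-chosen) names are rarely near zero."""
    return sum(ch in "aeiou" for ch in label) / max(len(label), 1)


def triage(log_text, client_ip, min_entropy=3.0, max_vowels=0.25):
    """Return (per-domain hit counts, sorted list of DGA-looking domains) for one client."""
    hits = Counter(domain for _, domain in parse_queries(log_text, client_ip))
    flagged = []
    for domain in hits:
        label = domain.split(".")[0]
        if len(label) >= 8 and label_entropy(label) >= min_entropy and vowel_ratio(label) <= max_vowels:
            flagged.append(domain)
    return hits, sorted(flagged)


if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG, "192.168.1.42")
    print(counts.most_common(), suspicious)
```

A flagged name is a lead to look up, not a verdict: CDN and telemetry hostnames also look random, so compare against what the phone queried on a normal day before drawing conclusions.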

  • joulethiefOP · 15 days ago

    It was certainly the Huawei System UI. How do I tell which engine they’re using?

    • RVGamer06@sh.itjust.works · 15 days ago

      There must be some clue, but I don’t know how to find it without seeing the screen.

      EDIT: The virus scan thing should be part of the “Optimizer” system app. Open that, tap on “virus scan” and look for something at the bottom of the screen like “Powered by X”. Should be Avast anyway.