Question Detecting android rootkits

Toggle sidebar Toggle sidebar
P

pegah

New member
May 31, 2024
1
0
1
Hi excuse me my android phone had been hacked with rootkit malware and It didn't removed with reset factory or flashing, how can I detect or remove this malware?please introduce me some application or forensic tools that could help me finding this malware
 
Sort by date Sort by votes
pegah said:
Hi excuse me my android phone had been hacked with rootkit malware and It didn't removed with reset factory or flashing, how can I detect or remove this malware?please introduce me some application or forensic tools that could help me finding this malware
Click to expand...
First things first... how do you know you've been hacked? What are the symptoms?

And read though this.

“I’ve been hacked”

Smartphones have brought out various kinds of neurotic and paranoid reactions from users. The technology is difficult to understand, and it is easy for us to allow ourselves to suspect that bad things are happening, when in fact they’re not. Android Central regularly receives posts from guests...
forums.androidcentral.com forums.androidcentral.com

Then come back and we'll see what might really be going on.
 
  • Like
Reactions: Laura Knotek and B. Diddy
Upvote 0 Downvote
Your phone's internal storage is divided into several different partitions. Almost all of them are dedicated to the installed Android operating system, with one set aside as a user data partition. The system-level partitions are protected and restricted, the user data partition is less restricted with just user-level permissions. That's a significant issue:
-- When you install something like the Malwarebytes app or some A/V app from the Play Store, that utility is installed with user-level permissions. It has complete access to all the content in the user's partition, but no or very, very limited access to any directories with system-level permissions.
-- A Factory Reset only wipes the user data partition clean, it does nothing to the installed operating system. So an non-rooted or a rooted phone running 12 will be the same before a Factory Reset as after. The only difference will be all the user data in that one partition is gone.
-- Flashing the firmware will reload a clean Android ROM, replacing the previous install. If something like an actual rootkit did compromise the installed OS, flashing the ROM will over-write it.

So if you did flash a proper ROM and that rootkit is still there, there's not much more you can do. You can keep trying to manually remove it, but a more prudent measure might be to just start looking for a replacement phone.

How are you determining your phone is actually infected with a rootkit?

Is your phone rooted or still stock? Which leads to the question did you use a stock ROM, or a third-party ROM (i..e. LineageOS), or a backup image you created yourself?

 
  • Like
Reactions: Laura Knotek
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

T
  • Locked
  • Question Question
Question after flashing im getting erorr try again system corrupted wont boot PLEASE HELP ME!
Replies
2
Views
609
Ask a Question
mustang7757
mustang7757
A
  • Question Question
Question Infinix Note 11 Stuck in Bootloop – Need Help Saving Data!
Replies
1
Views
516
Ask a Question
B. Diddy
B. Diddy
M
  • Question Question
Question Looking for an Android tablet that wont show any icons whilst screen mirroring over USB/HDMI
Replies
1
Views
457
Ask a Question
VidJunky
VidJunky
A
  • Question Question
Question Is there a way to verify that there is no malware on my device?
Replies
4
Views
1K
Ask a Question
B. Diddy
B. Diddy
S
  • Question Question
Question Using an Android Tablet for the Gauge Cluster
Replies
1
Views
393
Ask a Question
rvbfan
rvbfan

Latest posts

Trending Posts

Members online

Total: 10,196 (members: 17, guests: 10,179)

Forum statistics

Threads
955,859
Messages
6,965,936
Members
3,163,408
Latest member
AirlinesTravels

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom