Hi excuse me my android phone had been hacked with rootkit malware and It didn't removed with reset factory or flashing, how can I detect or remove this malware?please introduce me some application or forensic tools that could help me finding this malware
Question Detecting android rootkits
- Thread starter pegah
- Start date
- Jun 10, 2014
- 39,653
- 595
- 113
Welcome. There are antimalware apps in the Play Store. If they don’t work, you could reflash the stock ROM. Change all passwords.
joeldf
Well-known member
- Dec 19, 2011
- 1,480
- 1,033
- 113
First things first... how do you know you've been hacked? What are the symptoms?
And read though this.
“I’ve been hacked”
Smartphones have brought out various kinds of neurotic and paranoid reactions from users. The technology is difficult to understand, and it is easy for us to allow ourselves to suspect that bad things are happening, when in fact they’re not. Android Central regularly receives posts from guests...
forums.androidcentral.com
Then come back and we'll see what might really be going on.
- Feb 6, 2017
- 96,711
- 12,522
- 113
smvim
Well-known member
- May 16, 2014
- 1,182
- 207
- 63
Your phone's internal storage is divided into several different partitions. Almost all of them are dedicated to the installed Android operating system, with one set aside as a user data partition. The system-level partitions are protected and restricted, the user data partition is less restricted with just user-level permissions. That's a significant issue:
-- When you install something like the Malwarebytes app or some A/V app from the Play Store, that utility is installed with user-level permissions. It has complete access to all the content in the user's partition, but no or very, very limited access to any directories with system-level permissions.
-- A Factory Reset only wipes the user data partition clean, it does nothing to the installed operating system. So an non-rooted or a rooted phone running 12 will be the same before a Factory Reset as after. The only difference will be all the user data in that one partition is gone.
-- Flashing the firmware will reload a clean Android ROM, replacing the previous install. If something like an actual rootkit did compromise the installed OS, flashing the ROM will over-write it.
So if you did flash a proper ROM and that rootkit is still there, there's not much more you can do. You can keep trying to manually remove it, but a more prudent measure might be to just start looking for a replacement phone.
How are you determining your phone is actually infected with a rootkit?
Is your phone rooted or still stock? Which leads to the question did you use a stock ROM, or a third-party ROM (i..e. LineageOS), or a backup image you created yourself?
-- When you install something like the Malwarebytes app or some A/V app from the Play Store, that utility is installed with user-level permissions. It has complete access to all the content in the user's partition, but no or very, very limited access to any directories with system-level permissions.
-- A Factory Reset only wipes the user data partition clean, it does nothing to the installed operating system. So an non-rooted or a rooted phone running 12 will be the same before a Factory Reset as after. The only difference will be all the user data in that one partition is gone.
-- Flashing the firmware will reload a clean Android ROM, replacing the previous install. If something like an actual rootkit did compromise the installed OS, flashing the ROM will over-write it.
So if you did flash a proper ROM and that rootkit is still there, there's not much more you can do. You can keep trying to manually remove it, but a more prudent measure might be to just start looking for a replacement phone.
How are you determining your phone is actually infected with a rootkit?
Is your phone rooted or still stock? Which leads to the question did you use a stock ROM, or a third-party ROM (i..e. LineageOS), or a backup image you created yourself?
Similar threads
- Locked
- Question
- Question
- Question
- Question
Facebook
Twitter
Instagram