
[Android] USB debugging automatically turns on, is it a bug or a sign of malware?


Solved by Flood and Flood's wife

Treehouse

I installed Kaspersky for mobile to cleanse my phone of a trojan. It seems to be clean, but now whenever I attempt to turn off USB debugging as I am instructed by the app, it immediately turns back on. Is it a bug from Android, leftover damage from the trojan (perhaps it was relying on that option being on to work properly), or has the trojan evaded Kaspersky and is it still working and keeping it on? Phone is a Galaxy J7 Prime running Android 8.1.0.


Flood and Flood's wife
6 hours ago, Treehouse said:

Phone is galaxy j7 prime running android 8.1.0

I installed Kaspersky for mobile to cleanse my phone of a trojan.

It seems to be clean, but now whenever I attempt to turn off USB debugging as I am instructed by the app, it immediately turns back on.

Is it a bug from Android, leftover damage from the trojan (perhaps it was relying on that option being on to work properly), or has the trojan evaded Kaspersky and is it still working and keeping it on?

 

Hello @Treehouse

Welcome back!

  1. 8.1 is quite old, is it able to be updated? It's still supported by Kaspersky but not by Samsung; nothing Samsung distributes will be available at v8.1.
  2. Was usb debugging / developer mode ON before Kaspersky was installed? 
  3. Which Kaspersky version / subscription is installed?  
  4. Using Kaspersky - run a full scan - if the result is clean uninstall Kaspersky -> then power OFF the phone, power ON, login, -> 
  5. Turn Developer mode  OFF
  6. Download & install Kaspersky - https://www.kaspersky.com/mobile-security.
  7. Using Kaspersky - run a full scan.
  8. Recheck IF USB debugging / Developer mode is ON or OFF & IF Kaspersky is sending notifications for it?  

Please share the outcome with the Community, when it's available? 
Thank you🙏
Flood🐳+🐋


Treehouse

1. No
2. Yes
3. Latest/free

4-8. It's still on. Developer mode is off, yet USB debug is on.

  • Thanks 1

Flood and Flood's wife
36 minutes ago, Treehouse said:

1. No
2. Yes
3. Latest/free

4-8. It's still on. Developer mode is off, yet USB debug is on.

Hello @Treehouse

Thank you for the information!

  1. What msg is shown when (you) try to update to v9? 
  2. Which Kaspersky version is installed, please advise the number? Read: Where to look for the version number.
  3. Have you *revoked* USB debugging authorizations, post a screen-print of the options please? 

Thank you🙏
Flood🐳+🐋


Flood and Flood's wife
2 hours ago, Treehouse said:
  1. Kaspersky ver. 11.114.4.12135

 

Hello @Treehouse

Thank you for posting back & the information!

  1. It's not the latest version, where was it installed from?
  2. Is the Developer ON & USB debugging screen image from when Kaspersky is uninstalled or installed? 
  3. Is there any other notification from Kaspersky or just Turn OFF USB debugging? 

Thank you🙏
Flood🐳+🐋


Treehouse

Firstly, I had an idea. I tried using a RAM cleaner app to test my theory of malware turning the USB debug thing on. After wiping the memory I have successfully turned the USB debugging off, which strongly hints that my phone is indeed infected and malware is indeed turning USB debugging on. Also, I am able to crash the mentioned malware with the RAM cleaner.

1- I installed it from the link you gave me. I downloaded the APK. Figured it would use less data since I can reinstall it from the APK.

2- It's from when it was installed, but it was the same way when it was uninstalled too.

3- There are no red or yellow notifications. I will add a screenshot.

Screenshot_20240825-145415_Kaspersky.jpg

I just turned off the developer options too, but I am afraid malware can bypass that and open the USB debug anyway. I was and still am able to turn it off no problem, but Kaspersky would tell me to turn off USB debugging in a yellow warning notification, detecting that it was on despite dev. opt. being off.

USB debug is off right now. This probably means the trojan is also off.

  • Thanks 1

Flood and Flood's wife
6 minutes ago, Treehouse said:

Firstly, I had an idea. I tried using a RAM cleaner app to test my theory of malware turning the USB debug thing on. After wiping the memory I have successfully turned the USB debugging off, which strongly hints that my phone is indeed infected and malware is indeed turning USB debugging on. Also, I am able to crash the mentioned malware with the RAM cleaner.

1- I installed it from the link you gave me. I downloaded the APK. Figured it would use less data since I can reinstall it from the APK.

2- It's from when it was installed, but it was the same way when it was uninstalled too.

3- There are no red or yellow notifications. I will add a screenshot.

 

Hello @Treehouse

Thank you for posting back & the information!

We installed Kaspersky Free (from Galaxy store) to try & replicate the issue, we don't have an Oreo so our chances are slim, we see the following - but can manage these easily in the actual Developer application. 

(ioo) it's not a problem with the Kaspersky software. 

image.thumb.jpeg.bfa13874de297349cbcca0d6daaee254.jpeg

Thank you🙏
Flood🐳+🐋


  • Solution
Flood and Flood's wife
27 minutes ago, Treehouse said:

I just turned off the developer options too, but I am afraid malware can bypass that and open the USB debug anyway.

I was and still am able to turn it off no problem, but Kaspersky would tell me to turn off USB debugging in a yellow warning notification, detecting that it was on despite dev. opt. being off.

USB debug is off right now. This probably means the trojan is also off.

Hello @Treehouse

Just backtracking a bit, before the trojan, was there any AV software installed? 

Do you have a clean set of backups that pre-date the trojan? 

Have (you) considered doing a factory reset? 

Thank you🙏
Flood🐳+🐋


Treehouse
1 hour ago, Flood and Flood's wife said:

Hello @Treehouse

Thank you for posting back & the information!

We installed Kaspersky Free (from Galaxy store) to try & replicate the issue, we don't have an Oreo so our chances are slim, we see the following - but can manage these easily in the actual Developer application. 

(ioo) it's not a problem with the Kaspersky software. 

image.thumb.jpeg.bfa13874de297349cbcca0d6daaee254.jpeg

Thank you🙏
Flood🐳+🐋

I think there has been a misunderstanding. You cannot replicate this at all. I am saying the USB debug option turns on by itself. I am able to turn it off, but it either immediately turns back on, or I wipe the RAM with RAM cleanup and it stays off for a long time until it goes back to on out of nowhere. To replicate this, you would need the malware that turns the setting on. I am 99% sure something is turning it on. A bug that turns that setting on seems extremely improbable.

  • Thanks 1

Flood and Flood's wife
Just now, Treehouse said:

I think there has been a misunderstanding. You cannot replicate this at all. I am saying the USB debug option turns on by itself. I am able to turn it off, but it either immediately turns back on, or I wipe the RAM with RAM cleanup and it stays off for a long time until it goes back to on out of nowhere. To replicate this, you would need the malware that turns the setting on. I am 99% sure something is turning it on. A bug that turns that setting on seems extremely improbable.

Hello @Treehouse

Thank you for posting back & the information!

No, no misunderstanding, we're very clear about what you've written, however, we also wanted to see how Kaspersky Free was reacting & to capture screen images (for you) - beyond that - obviously we're not going to infect our phone for the purpose of testing. 

Have you tried any other free AV to see if there's a detection of the 'suspected' malware? 

Was there any AV installed before the infection -> i.e. before installing Kaspersky? 

Thank you🙏
Flood🐳+🐋


Treehouse
1 hour ago, Flood and Flood's wife said:

Hello @Treehouse

Thank you for posting back & the information!

No, no misunderstanding, we're very clear about what you've written, however, we also wanted to see how Kaspersky Free was reacting & to capture screen images (for you) - beyond that - obviously we're not going to infect our phone for the purpose of testing. 

Have you tried any other free AV to see if there's a detection of the 'suspected' malware? 

Was there any AV installed before the infection -> i.e. before installing Kaspersky? 

Thank you🙏
Flood🐳+🐋

I did install Malwarebytes after installing Kaspersky. It also found nothing, so I removed it. Before that there is the built-in AV that is powered by McAfee. I don't want to resort to factory reset yet. The suspected virus might survive that and all I could manage would end up deleting apps and their data. At first Kaspersky install, it did remove 2 things, which were malware. But it couldn't properly remove them apparently. It merely deleted the setup/APK of the malware. Also, I only understood that I was infected after my Discord was hacked and a suspicious link has been sent to everyone it can until Discord logged me out. It took some time to understand that it wasn't my password or token that got compromised, but my phone. Then I installed Kaspersky.

Also what did you try to replicate? Or which issue are you referring to? 

  • Thanks 1

Flood and Flood's wife
On 8/26/2024 at 1:44 AM, Treehouse said:

I did install Malwarebytes after installing Kaspersky. It also found nothing, so I removed it. Before that there is the built-in AV that is powered by McAfee. I don't want to resort to factory reset yet. The suspected virus might survive that and all I could manage would end up deleting apps and their data. At first Kaspersky install, it did remove 2 things, which were malware. But it couldn't properly remove them apparently. It merely deleted the setup/APK of the malware. Also, I only understood that I was infected after my Discord was hacked and a suspicious link has been sent to everyone it can until Discord logged me out. It took some time to understand that it wasn't my password or token that got compromised, but my phone. Then I installed Kaspersky.

Also what did you try to replicate? Or which issue are you referring to? 

Hello @Treehouse,

Thank you for posting back!

Because the information provided was not clear, we installed Kaspersky from more than one source.

We (also) installed Kaspersky Free to assist (you) (ordinarily, we do not use Kaspersky's Free software). 

We did this to capture screen images - as we've already stated. 

Thank you🙏
Flood🐳+🐋
