{"id":5091,"date":"2020-05-27T07:00:00","date_gmt":"2020-05-27T11:00:00","guid":{"rendered":"https:\/\/langa.com\/?p=5091"},"modified":"2020-05-27T07:38:03","modified_gmt":"2020-05-27T11:38:03","slug":"how-does-some-malware-manage-to-survive-a-smartphone-factory-restore","status":"publish","type":"post","link":"https:\/\/langa.com\/index.php\/2020\/05\/27\/how-does-some-malware-manage-to-survive-a-smartphone-factory-restore\/","title":{"rendered":"&#8220;How does some malware manage to survive a smartphone factory restore?&#8221;"},"content":{"rendered":"\n<p><em><small>(Answer requested by Lilly Vugheen)<\/small><\/em><\/p>\n\n\n\n<p>Android smartphones keep a spare copy of the operating system on hand, stored in protected files. These files are what&#8217;s used to rebuild the system after a factory reset, or a root.<\/p>\n\n\n\n<p>Rare but virulent Android &#8220;xHelper&#8221; malware can break into and alter the protected files. So, when you reset the phone, it rebuilds itself with hooks for malware already in place.<\/p>\n\n\n\n<p>However, this is rare, and requires a narrow and unusual set of circumstances to pertain before it can happen; usually including the phone&#8217;s owner deliberately sideloading unverified third-party software &#8212; a known and easily-avoided infection vector.<\/p>\n\n\n\n<p><strong>More info:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.zdnet.com\/article\/new-unremovable-xhelper-malware-has-infected-45000-android-devices\/\" target=\"_blank\">New &#8216;unremovable&#8217; xHelper malware has infected 45,000 Android devices<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/lifehacker.com\/this-new-android-malware-can-survive-a-factory-reset-1839471462\" target=\"_blank\">This New Android Malware Can Survive a Factory Reset<\/a><\/li><li><a rel=\"noreferrer noopener\" 
href=\"https:\/\/www.androidpolice.com\/2020\/04\/19\/months-of-research-finally-crack-android-malware-that-could-even-survive-factory-resets\/\" target=\"_blank\">Researchers finally discover how Android malware that could &#8230;<\/a><\/li><\/ul>\n\n\n\n<p class=\"has-text-align-right has-small-font-size\"><em><strong>Permalink:<a href=\" https:\/\/langa.com\/?p=5091\"> https:\/\/langa.com\/?p=5091<\/a><\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Answer requested by Lilly Vugheen) Android smartphones keep a spare copy of the operating system on hand, stored in protected files. These files are what&#8217;s used to rebuild the system after a factory reset, or a root. Rare but virulent Android &#8220;xHelper&#8221; malware can break into and alter the protected files. So, when you reset&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5092,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,30,12],"tags":[],"class_list":["post-5091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-a-reader-asks","category-hardware","category-smartphones"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url"
:"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2020\/05\/malware-virus-e1590520693354.jpg?fit=350%2C262&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paaiox-1k7","jetpack-related-posts":[{"id":1485,"url":"https:\/\/langa.com\/index.php\/2018\/12\/26\/a-reader-asks-how-can-i-recover-android-data-after-a-factory-reset-if-it-wasnt-backed-up\/","url_meta":{"origin":5091,"position":0},"title":"A reader asks: &#8220;How can I recover Android data after a factory reset if it wasn&#8217;t backed up?&#8221;","author":"Fred Langa","date":"2018-12-26","format":false,"excerpt":"That's a terrible feeling, isn't it, when your data's gone --- maybe forever! Ugh. But it may not be gone, or at least, not all of it. Google, or your phone maker, may have provided at least some automatic backup services for you. Some third-party apps may have likewise saved\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2018\/12\/smartphone-backups.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":758,"url":"https:\/\/langa.com\/index.php\/2018\/10\/17\/a-reader-asks-should-i-factory-reset-a-phone-that-previously-belonged-to-someone-else\/","url_meta":{"origin":5091,"position":1},"title":"A reader asks: Should I factory reset a phone that previously belonged to someone else?","author":"Fred Langa","date":"2018-10-17","format":false,"excerpt":"Q: Should I factory reset a phone that previously belonged to someone else? (via Quora) A: Yes, absolutely! You have no way of knowing what might still be on the phone... spyware, malware, traces of illicit images or activity, whatever. 
I suggest you reset the phone before you plug in\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4880,"url":"https:\/\/langa.com\/index.php\/2020\/05\/01\/why-was-the-obb-folder-missing-on-my-phone-after-i-factory-reset-it\/","url_meta":{"origin":5091,"position":2},"title":"&#8220;Why was the OBB folder missing on my phone after I factory reset it?&#8221;","author":"Fred Langa","date":"2020-05-01","format":false,"excerpt":"(Answer requested by Emm Riosa) OBB files --- Opaque Binary Blobs --- are files used to store extra data generated by some Android games and apps. This data is private and encrypted (hence \"opaque\") so that only the app that generated an OBB can read it. The key thing is\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2020\/05\/search-or-seek-icon-folder-rf-e1587836533534.jpg?fit=200%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2225,"url":"https:\/\/langa.com\/index.php\/2019\/03\/05\/a-reader-asks-my-old-pc-has-a-virus-is-it-safe-to-move-its-files-to-my-new-pc\/","url_meta":{"origin":5091,"position":3},"title":"A reader asks: &#8220;My old PC has a virus. Is it safe to move its files to my new PC?&#8221;","author":"Fred Langa","date":"2019-03-05","format":false,"excerpt":"No, of course it\u2019s not safe! But if you're patient, you can make it safe. Here\u2019s how: First, scan the old, infected system using an external, self-contained, bootable, DVD- or flashdrive-based anti-malware tool. (Examples; many are free.) 
Boot and run the old PC from the anti-malware DVD or flash drive\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1025,"url":"https:\/\/langa.com\/index.php\/2018\/11\/14\/a-reader-asks-why-did-a-phone-reset-not-free-up-memory\/","url_meta":{"origin":5091,"position":4},"title":"A reader asks: Why didn&#8217;t resetting my phone free up memory?","author":"Fred Langa","date":"2018-11-14","format":false,"excerpt":"A reader asks: \"Why is my Android phone crying for memory just after a factory reset?\" That's not much to go on, but here are some ideas: 1. Resetting a phone will remove temporary files and random junk files that may have accumulated, but doesn\u2019t otherwise free space or shrink\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4020,"url":"https:\/\/langa.com\/index.php\/2020\/01\/07\/why-do-laptops-take-so-long-to-reset-to-factory-settings-compared-to-smartphones\/","url_meta":{"origin":5091,"position":5},"title":"&#8220;Why do laptops take so long to reset to factory settings, compared to smartphones?&#8221;","author":"Fred Langa","date":"2020-01-07","format":false,"excerpt":"(Answer requested by Trevor Noble) Why does it take so long to paint a house compared to a garden shed? :) Laptops are typically much more capacious than phones, and carry far more software and files. 
EG: My phone (an S10) has 128GB of internal drive storage, with 75GB currently\u2026","rel":"","context":"In &quot;A reader asks...&quot;","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/5091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/comments?post=5091"}],"version-history":[{"count":4,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/5091\/revisions"}],"predecessor-version":[{"id":5098,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/5091\/revisions\/5098"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/media\/5092"}],"wp:attachment":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/media?parent=5091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/categories?post=5091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/tags?post=5091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}