Full archive

Had a file pop up a few times over a period of about three weeks.

Switched to Sophia after actually suffering a man in the middle and having my McAfee hijacked for remote access. Results were loss of couple accounts, some phone number spoofing/calls .

(Been amazing! Only complaint might be that Samsung themes trigger low reputation and unusual build.)

And way, the file name is: FulIArchive1989481710159676569

6005

Location: /storage/emulated/O/Android/data/

com.android.vending/files/dna.data

Image as appeared in app:

Detected for using an older version of Android, little readable text, unusual build apps, executables that can be ran in a shell

Parents
  • Hi  

    Could you please provide more details about the Sophos product and the version you are using? Also, please help us with more details about the issue you are facing. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Oh apologies.

    I actually noticed someone else has had the similar problem. I didn't think from the looks of that thread anyone figured out what the full archive actually is (if I ever get the alert again since that was the second time I'm definitely going to send the file to Sophos)

    I'm using the sophos intercept x for mobile updated on the 17th.

    the first time this happened I actually didn't catch it and I knew the vending section was for things like the play store shortly afterwards I ended up with a whole bunch of compromised accounts and everything and I think there's something (not sure exactly what's but I had reasons to believe at the time that I actually ended up with something like a spybot) that is using an old archive of Google play services the probably has the version number updated.

    New version number causes the system to choose it over the the actual current update forcing your phone to actually update to an older version. And likely there then exploiting some security feature there for the spybot or what not

    Here's a link to their issue

    I'd actually it hoped for some insight if maybe I was wrong if maybe was just catching something that it shouldn't have caught. Or if anyone else had seen it. If not I'm just adding to the community knowledge base as sophos seems to be doing everything it should be doing and everything of mine is secure at this time

Reply
  • Oh apologies.

    I actually noticed someone else has had the similar problem. I didn't think from the looks of that thread anyone figured out what the full archive actually is (if I ever get the alert again since that was the second time I'm definitely going to send the file to Sophos)

    I'm using the sophos intercept x for mobile updated on the 17th.

    the first time this happened I actually didn't catch it and I knew the vending section was for things like the play store shortly afterwards I ended up with a whole bunch of compromised accounts and everything and I think there's something (not sure exactly what's but I had reasons to believe at the time that I actually ended up with something like a spybot) that is using an old archive of Google play services the probably has the version number updated.

    New version number causes the system to choose it over the the actual current update forcing your phone to actually update to an older version. And likely there then exploiting some security feature there for the spybot or what not

    Here's a link to their issue

    I'd actually it hoped for some insight if maybe I was wrong if maybe was just catching something that it shouldn't have caught. Or if anyone else had seen it. If not I'm just adding to the community knowledge base as sophos seems to be doing everything it should be doing and everything of mine is secure at this time

Children
No Data