
Low reputation app warning - unknown app (file name is string of numbers)

Can you help me understand a security message from the Sophos antivirus app on my Android phone (Samsung S5)? It's a notification about a low reputation app, but the name of the app is just a string of numbers. Does anyone know what this is? Is it malware of some kind?

The file name: 1549406981572

The file path:

/storage/emulated/0/Android/data/com.android.vending/files/dna_data

The notification included a list of the following security considerations for the app:

- built for outdated Android versions

- contains executables

- unusual building tool

- read phone number

- little readable text

- not from a trusted app store

- read storage

- write storage

I told the Sophos app to delete it, so hopefully my phone is safe now. But I'd still like to know what it was, and how to prevent getting it in the future. Also, is there anything else I should do besides deleting it? Is my phone data or other apps compromised in any way from this incident?



This thread was automatically locked due to age.
  • Hi  

    That looks like a dodgy application. Run a full scan from the Sophos application and you should be good to go. I don't think anything was compromised as the app was deleted and not run. 

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
  • Thanks Yashraj!

    How can I be sure the app wasn't run? Would I have had to open it myself?

    Also, would the scan have caught it in real-time? How would an app like this have got on my phone without me knowing?

  • Hi  

    I believe this was a ".apk" file which was detected. So you/some program will need to run it to infect the device. This app was flagged as a low reputation application and app reputation is a part of Sophos Mobile Security's Live Protection feature which means it was detected in real time. The path of the app suggests that this was placed in the external SD card so there could be many ways how it was placed in that location. Did anything show up in a full scan?

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
  • Thanks Yashraj!

    I checked the file path on my phone, and it seems to be located in my internal storage, not the external SD card (the path folders are still there, but the actual file isn't). Does that change anything in your assessment of how it might have got on my phone? (I wasn't even using my phone at the time.)

    The detection showed up in a regular full scan, so that's why I wasn't sure if it was detected in real time...

    I've done several full scans since then, and nothing else has shown up.

    However, according to my logs, some of my scans show a varying number of "objects scanned" (ranging from 0 to 8000+ objects scanned for each scan), so I'm wondering if some scans missed some files?

  • P.S. I got another warning about the low rep app again!! Slightly different file name, but same file path. I deleted it again, but I'm wondering what is going on here? How do I keep getting these mysterious files?

    The new file name: 1549681408582

    The old file name: 1549406981572

    The file path (same for both files): /storage/emulated/0/Android/data/com.android.vending/files/dna_data

    What is "com.android.vending"? I was looking at other similar app folders on my phone, and I noticed that at least one of them (com.android.providers.media) contains a similarly named file (different numbers). Is it common for apps to be named with a string of numbers? If so, is it possible these types of files aren't actually malicious, and I've received a false positive? Or should I be concerned about all files named like this?
