F-Secure Freedome potential false positive on Samsung Galaxy Note 5 - "System UI"

Starting this morning, F-Secure Freedome has been warning me that my Samsung Galaxy Note 5 device is infected. It says that "System UI" is infected with "Trojan:Android/SmsSend.AB". I have scanned my phone with Sophos, Kaspersky, Norton, and Bitdefender, yet they do not detect any malware on my phone. I am running Freedome version 2.0.33.3236 on Android 5.1.1.

I have checked the System UI permissions on another Galaxy Note 5 and the permissions are identical. I have also checked with my wireless carrier and there have been no suspicious SMS messages sent from my device to premium numbers or otherwise. Indications are this is a false positive on F-Secure's behalf.

5heaps

Comments

  • Laksh Posts: 4,428

    Hi MemoryAccessReg,

    Is the detection shown from the App Security feature in Freedome? Please open a support request in order to investigate this further.

  • Just to say that I have the same issue flagged up by Freedome (on Samsung Note 4). I thought it unlikely to be a false positive, so thanks, Scholar, for mentioning it. I've sent a support request.

    Here's a screenshot

    image

  • Same here on S5 Neo (G903F) running 5.1.
  • Laksh Posts: 4,428

    Hello Everyone,

    This suspected false positive has been updated on our backend. Could you please check again and keep us posted if the issue persists?

  • traskila Posts: 2

    Same here.

    Running Google Nexus 7, Android 6.0.1, kernel 3.4.0-g094b859, Android security patch level 1 March 2016

  • traskila Posts: 2

    ... and it persists:

    running Google Nexus 7, Android 6.0.1, kernel 3.4.0-g094b859, Android security patch level 1 March 2016,

    Freedome 2.1.4.3592

    fs protection 16.2.012727

    ... flagged: "Basic Daydreams, scanned 31 Mar 2016, (...) This app is infected with a virus: Trojan:Android/Smsspy.6d2d2b3dab!Online" 

    ... the same flag for: Calendar Storage, com.android.providers.partnerbookmarks, HTML Viewer, Intent Filter Verification Service, MusicFX, Print Spooler, Simple message receiver

    ... and these flags while fs protection finds nothing.

This discussion has been closed.