F-Secure Freedome potential false positive on Samsung Galaxy Note 5- "System UI"

MemoryAccessReg
MemoryAccessReg Posts: 1 New Member

Starting this morning, F-Secure Freedome has been warning me that my Samsung Galaxy Note 5 device  is infected. It says that "System UI" is infected with "Trojan:Android/SmsSend.AB". I have scanned my phone with Sophos, Kaspersky, Norton, and Bitdefender, yet they do not detect any malware on my phone. I am running Freedome version 2.0.33.3236 on Android 5.1.1.

I have checked the System UI permissions on another Galaxy Note 5 and the permissions are identical. I have also checked with my wireless carrier and there have been no suspicious SMS messages sent from my device to premium numbers or otherwise. Indications are this is a false positive on F-Secure's behalf.

Comments

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi MemoryAccessReg,

     

    Is the detection shown from the App Security feature in Freedome? Please open a support request in order to investigate this further.

  • 5heaps
    5heaps Posts: 1 New Member

    Just to say that I have the same issue flagged up by Freedome (on Samsung Note 4). I thought it unlikely to be a false positive, so thanks, Scholar, for mentioning it. I've sent a support request. 

     

    Here's a screenshot

     

    image

  • ninjajbz
    ninjajbz Posts: 1 New Member
    Same here on S5 Neo (G903F) running 5.1.
  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hello Everyone,

     

    This suspected false positive has been updated on our backend. Could you please check again and keep us posted if the issue persists?

  • traskila
    traskila Posts: 2 New Member

    Same here.

    Running Google Nexus 7, Android 6.0.1, kernel 3.4.0-g094b859, Android security patch level 1 March 2016

  • traskila
    traskila Posts: 2 New Member

    ... and it persists:

    running Google Nexus 7, Android 6.0.1, kernel 3.4.0-g094b859, Android security patch level 1 March 2016,

    Freedome 2.1.4.3592

    fs protection 16.2.012727

    ... flagged: "Basic Daydreams, scanned 31 Mar 2016, (...) This app is infected with a virus: Trojan:Android/Smsspy.6d2d2b3dab!Online" 

     ... the same flag for: Calendar Storage, com.android.providers.partnerbookmarks, HTML Viewer, Intent Filter Verification Service, MusicFX, Print Spooler, Simple mesage receiver

    ... and these flags while fs protection finds nothing.

This discussion has been closed.
Product & Pricing Info