New Android malware (aprox Mar 28, 2021) - handled by Avast?

I saw on the news (and verified on several news outlet websites) that there is a new malware that fools users into thinking it is an update of their Android system.

  1. Is this new malware already detected/blocked/fixed by Avast?

  2. I got the popup and skipped out of it, and have not used the tablet since as a precaution except to install Avast on it. But when I looked at the System/Update menu I did notice that there is an update pending. Is this a safe O/S update or is the malware so embedded that it shows up in the System/Update menu?

  3. Are there any other precautionary steps I should take short of re-imaging the tablet back to factory settings?

the best advice is to update your Android device through the system settings and not through pkg files over the internet

1) Is this new malware already detected/blocked/fixed by Avast?
Impossible to tell when you give no info ???

Android forum section is here
Avast Mobile Security >> https://forum.avast.com/index.php?board=119.0

I guess he means: https://forum.avast.com/index.php?msg=1595011

That help, now we have something to work on

If you read that story you will see that the SHA-256 is given for two samples at the end

Then you copy that, go to virustotal, click search, paste in the SHA-256 and voila you have the answer (click refresh button if scan date is old)

https://www.virustotal.com/gui/file/96de80ed5ff6ac9faa1b3a2b0d67cee8259fda9f6ad79841c341b1c3087e4c92/detection

https://www.virustotal.com/gui/file/6301e2673e7495ebdfd34fe51792e97c0ac01221a53219424973d851e7a2ac93/detection

I probably should add some detail.

  • I don’t know much about the particular malware and I am no malware expert, just that it popped up in the news a couple days ago saying that it impersonates a system update in order to gain access to features. This is one article describing it: https://techcrunch.com/2021/03/26/android-malware-system-update/

  • The device is a Samsung tablet that is only about a month old. The only apps I installed on it were from Google Play, were very few and they were only apps that I used in the past on other devices without ever having security issues.

  • I did use the tablet at an airport before installing Avast. On that occasion the antivirus/firewall on my laptop detected and blocked an attempted portscan. If the tablet has been infected it is possible that it happened at that time through some port’s vulnerability.

  • A day or two after going through that airport the tablet indicated I needed to apply a update, specifically:
    Version: T500XXU3AUC6 / T500OXM3AUC6
    Size: 247.73 MB
    Security patch level: March 1, 2021

  • The first time I skipped out of it by hitting the tablet menu button. Today it just prompted me to do the update again, telling me I can skip the update one more time. This time I restarted the tablet. It is now telling me the update will be installed automatically at 10:23AM on March 31, 2021.

  • After skipping by pressing the circle icon, I checked with the III icon to see if any apps were running, none shows as running.

KEY QUESTIONS:
(1) Is this a sign of infection, or is it the normal behavior of Samsung Galaxy Tab A7 tablets?
(2) Is it safe to manually launch the update from the Settings app.
(3) Does Avast already block the Android malware indicated in the article that I provided a link for.
(4) Would a factory reset truly bring me back to the tablet’s initial state, or would it retain any infections already present?

(3) Does Avast already block the Android malware indicated in the article that I provided a link for.
Yes, see detection links i posted above
This is one article describing it: https://techcrunch.com/2021/03/26/android-malware-system-update/
"Researchers at mobile security firm [b]Zimperium[/b], which discovered the malicious app......"

Zimperium: https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/