Samsung Core Services flagged as having malware by Avast

Avast Mobile Security Avast Mobile Security for Android
1

On my Samsung S-10 Galaxy phone, I am getting a warning message from Avast Security Premium. It reads:

“Samsung Core Services contains malware that could harm your device. It is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings. Detection ID: 5f9e3bb91183”

Samsung Core Services is an integral component of my phone operating system, not easy or recommended to deactivate. Could this be a false positive?

My phone is running the latest iteration of the Android operating system and is not jailbroken or rooted.

2

Here is a screen capture of the malware warning message from Avast.

3

I just got this message today after updating my Avast mobile :

Malware Detected
Media Storage contains Malware that could harm your device. It is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings. Detection ID: 069d6c2ac8d6

Has this been confirmed to be a false positive, as others have mentioned ? Has this ever been resolved ?

I’m using Moto G Play Android version 10 Mobile Phone.

Thanks !

4

Same issue here with the Note 10+.

Avast says: Samsung Core Services contains Malware that could harm your device

It happened with another Samsung app for photo editing but I was ok uninstalling it. I just don’t recall the name of it.

5

I’m having the same problem when I scan my phone. Actually my wife’s phone is doing the same. Can’t disable as suggested because the button is grayed out. I’ve tried reinstalling the app and restarting but it’s the same.

6

I have just had it come up too.

7

Phone: Samsung Galaxy S10+
One UI Version: 4.1
Android Version: 12

“Samsung Core Services contains malware that could harm your device. It is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings.”
Detection ID: 1fc09fa67c60

8

Hi All,
I believe this was a security threat as per below link

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05

[i]"Android Applications Updates

SVE-2022-2478(CVE-2023-21505): Improper access control in Samsung Core Service

Severity: Moderate
Resolved version: 2.1.00.36
Reported on: October 14, 2022
Description: Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.
The patch add proper access control logic.
Acknowledgement: Stealth Assassin"[/i]

It appears Android/Samsung have released an update which removes Samsung Core all together. Re run your AV and it should come back clean. Hope this helps