I just did a scan on my android phone, HTC one and it came up that it has detected a trojan, ELF:BitCoinMiner-H [Trj]. I can’t see exactly where the file is but what Avast does show is this /storage/emulated/0/Download/OTA_M7_UL_JB_50_Vodafone_UK_1… that’s all I can see. Is this likely to be a threat which I need to get removed or could it be a false positive? I don’t want to delete the file if it ends up being something I need on my phone.
The cryptocurrencies mining just tries to get in via a default combination of login and password. Our advice is to always change the default login and password, set by manufacturers, as soon as you start using your device. Furthermore, it is also necessary to periodically update software running in your devices whenever this process is not automated.
Info credit and quote from AVG Virus Lab's Hynek Blinka
So take that advice from Hynek Blinka to heart. The malware at hand is a so-called PUP, a potentially unsafe program.
When login and password have been changed, you will be safe to go,