0

My computer (probably) had malware, and during that time I connected my phone to it (via USB) for transferring files, using as midi, etc. Is there a chance the malware could've spread from the computer to my phone? I don't see any scam popups or unusual logins.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 2
    The answer of possibility is always yes in infosec. The probability of some possibilities can be unlikely. – defalt Aug 25 '21 at 17:20
  • @defalt so should i format my phone? This was 3 months ish back. I connected it several times on different ocasions. –  Aug 26 '21 at 11:09

1 Answers1

1

It is possible but I would say it is rather unlikely that your phone was infected. By default USB debugging on Android is deactivated and that prevents most possibilities for an attacker to install apps/services on your phone since there is no adb command that can be used without active USB debugging. By default only file transfer from the computer to the phone is activated but that does not allow the installation of apps or other software on your phone. So you can check your SD card and internal storage for strange looking files but you will probably not find any.

Me7e0r
  • 83
  • 5
  • i actually had usb debugging on i think. i think you need it for using a phone as a midi –  Aug 26 '21 at 04:54
  • Yeah correct it isn't impossible. I edited my answer. With USB-Debugging on it's for sure possible – Me7e0r Aug 26 '21 at 04:58
  • wait nvm you dont need it –  Aug 26 '21 at 05:08
  • Btw i connected my phone to my computer several/many times on different occasions during the time i think i had malware. So am i still safe? I didnt think i had malware back then so thats why i connected. –  Aug 26 '21 at 18:28
  • I would say it is more likely that an attacker would steal the data on your phone instead of infecting it over your pc. An attacker has basically three possibilities to install software on your phone: adb, google play console and exploiting. Adb is not possible without usb-debugging and the simplest way. For google play attackers would need to steal your credentials and they could then only install apps from the store which is likely to be detected. For exploiting you need to have a decent amount of knowledge but it is a possibility. – Me7e0r Aug 27 '21 at 06:41
  • If you want to be really sure. Just reinstall your phone&pc and don't forget to change all you passwords. – Me7e0r Aug 27 '21 at 06:42
  • I alredy reinstalled my computer and changed passwords a while ago and did scans on my phone with kaspersky and malwarebytes. So am i good? –  Aug 28 '21 at 08:00
  • also this was about 3 months ago. Nothing ever happened to my passwords and didn't get any unusual logins. Just posting here cuz i randomly remembered that i connected my phone to it as well during that time. –  Aug 28 '21 at 11:19
  • I think then you should be fine. – Me7e0r Aug 28 '21 at 12:47
  • oh alright thanks :) btw i didn't format my phone. I only formatted my computer. Am i still good? Also the scans didn't find any malware. –  Aug 28 '21 at 13:20
  • You should be fine – Me7e0r Aug 30 '21 at 11:37