Owners of Xiaomi, Redmi and POCO smartphones are periodically confronted with a frightening system notification that reads: “Payment security threat found” or “Threat detected in the phone.” This message often blocks access to banking applications, blocks the screen or requires immediate action.
MIUI Security scans your device for potentially unwanted programs (PUAs) that can intercept data entered into password fields. It's critical to understand that if the notification only appears when a particular application is launched, the problem lies in its code or certificates. However, if the pop-up overrides the entire interface and requires payment for unlocking, you've come across a classic ransomware blocker.
In this article, we will take a look at the algorithms for different scenarios, learn how to distinguish system warnings from real attacks, clear the security cache, and remove hidden miners or Trojans. We will look at both standard methods of eliminating through safe mode and advanced ways to reset access rights through ADB.
The nature of threats in the MIUI ecosystem
Operating envelope MIUI and its successor HyperOS have built-in antivirus developed in collaboration with Avast and AVL. When a system reports a threat, it relies on signature databases of known malicious code, and often the cause of false positives are applications that are downloaded not from the official Google Play store, but from third-party sources or from other sources. APK-files found in messengers.
The real threat to payments occurs when a Trojan-styler or keylogger is installed on the device, such programs masquerading as system processes, for example, “System Update” or “Google Services”. They can request special capabilities (accessibility), which allows them to read text from the screen, including: SMS-bank confirmation codes.
And you also have to consider the Adware factor, and many free apps, especially flashlights, scanners. QR-codes or "memory cleaners" insert frames on top of other windows, and it's these frames that can trigger Xiaomi's defenses, causing red plaques with warnings.
⚠️ Warning: Never click on links inside pop-ups that claim your phone is locked, and don't call the numbers listed there.
To understand the scale of the problem, consider the main types of threats faced by users:
- 📱 Fake Updates: Windows that simulate Flash player or Android system updates that require installation APK.
- 💸 Banking Trojans: Hidden modules that overlay phishing forms on top of real banking applications.
- 📢 Intrusive Advertising: Viruses that open full screen advertising windows, even on the desktop.
- 🔒 Encryptors: A rare but dangerous type of threat that blocks access to files and requires ransom.
Diagnosis: false positive or real virus
Before we start taking drastic measures, we need to identify the source of the problem: If the threat alert only appears when the built-in antivirus scans, but the phone is working normally, it is likely a potentially unwanted application (PUA), and if the phone opens the browser itself, the ads pop up randomly, and the battery runs out in a couple of hours, there is active malicious activity.
Notice how the device behaves in Safe Mode, which is only the system components that are loaded in Safe Mode, and if the threat disappears in Safe Mode and the phone is stable, then the problem is caused by a third-party application that you installed yourself.
Check the list of newly installed programs. Malware often gives its programs neutral names, such as System Service, Update, or Wi-Fi Tool, and hides their icons. To identify hidden processes, you can use the task manager or command via ADB.
Compare the symptoms of your problem with the table below for accurate identification:
| Symptoms. | Probable cause | Level of danger | Method of decision |
|---|---|---|---|
| Red window during scanning | Falsely triggered antivirus | Low. | Cleaning up the security cache |
| Advertising on the desktop | Adware / Virus in the application | Medium. | Removing a problematic APK |
| Locking the system | Lock screen (Lockscreen) | High-pitched | Reset via Recovery/ADB |
| Money from the account is missing. | Banking Trojan/Steeler | critical | Full reset + card change |
💡
Use the “Show running apps” feature in the developer settings to see active processes in real time.
Removing Threats Through Safe Mode
The most effective way to get rid of a virus that prevents you from using your phone properly is to download to Safe Mode, in which the Android operating system disables all user applications, leaving only the basic functionality, which allows you to remove the malicious file without any problems.
To enter Safe Mode on most Xiaomi and Redmi models, you need to press the power button and then (hold) the “Switch off” icon on the screen until you get a suggestion to go to Safe Mode. Some older versions of MIUI require you to press the volume button when you turn on the phone.
When you're in Safe Mode, go to your app settings. Sort the list by installation date or size. Look for apps with suspicious names or no icons. These are the most common sources of the problem. Once you delete the culprit app, reboot your phone in the usual way.
☑️ Checklist cleaning in safe mode
If standard deletion is not available (Gray button), then the virus has managed to obtain the administrator rights of the device, in which case you need to go to Settings → Passwords and Security → Privacy → Device administrators and revoke the rights of the suspicious element, only after that it can be removed.
Cleaning up antivirus data and resetting network settings
Sometimes the problem is not the virus, but the corrupted data of the Security application itself. Signature databases can be updated with an error, causing cyclic notifications.
Follow these steps: Go to Settings → Apps → All apps. Find the Security Center app in the list. Click on it and select Storage. Here you click Clear data and confirm the action. Fear not, it won't delete your personal files, it will only reset the scanner settings.
It's also worth checking the network settings. Viruses often prescribe themselves as VPN-service-change DNS-Addresses for traffic forwarding. Go to Settings → Connection and sharing → Private DNS. Make sure it's a value of "Auto" or "Disconnected." Having a third-party address may indicate traffic interception.
⚠️ Warning: After cleaning the antivirus data, be sure to update its virus databases via Wi-Fi so that the system can again effectively protect the device.
What to do if the “Delete” button is inactive?
Radical measures: Resetting and reflashing
If none of the softer methods worked, and the “Find in the Phone” threat continues to appear, blocking work, the only guaranteed way is a complete reset to factory settings (Wipe Data), which will completely destroy all data on the phone, including viruses, but return the device to the “out of the box” state.
Before the procedure, be sure to save important contacts and photos to the Google cloud or computer. To perform a reset via the Recovery Mode: turn off the phone completely. Then press both the power button and the volume button at the same time. Hold until the Mi logo appears.
In the Recovery menu (which is controlled by volume buttons and confirmed by the power button), select the language (English), then go to Wipe Data → Wipe All Data. Confirm the action. Once the process is complete, select Reboot. The phone will load longer than usual.
The sequence of buttons for Recovery:
1. Turn off the phone.
2. Clamp Power + Vol Up.
3. Select Wipe Data from the menu.
4. Confirm Wipe All Data.
5. Reboot.In the most difficult cases, when the virus penetrates even into the recovery section (which is extremely rare), a complete flashing of the device through the computer using the Xiaomi Flash Tool utility and the official Fastboot firmware is required.
💡
Wipe Data eliminates 99.9% of all known mobile threats, as it completely overwrites the system partition.
Preventing: How to Protect Payments in the Future
Once the threat is successfully removed, it is important to secure the result and prevent re-infection. Android is only safe with digital hygiene. First of all, refuse to install applications from unknown sources. MIUI does not allow APK installation from the browser by default - do not try to circumvent this restriction unless absolutely necessary.
Update your operating system regularly. Xiaomi engineers are constantly closing security vulnerabilities in Google security patches. Use two-factor authentication on all important services. Even if a virus steals your password, there will be no access to money without a second factor.
Install a reliable antivirus from a known vendor (such as Kaspersky, Dr.Web or ESET) for periodic checks, but do not keep multiple antiviruses active at the same time so as not to create conflicts.
- 🛡️ Google Play Protect: Keep this feature always enabled, it checks apps even from third-party sources.
- 🚫 Installation ban: In the “Special Features” settings, prevent unknown apps from accessing the screen.
- 🔒 Lock: Use a complex pattern lock or biometrics to unlock.
Remember that no system offers 100% protection from the user’s own actions, and that being mindful of the permissions that apps request and not being in the habit of clicking on questionable links in SMS and messengers is your main shield.