Your Xiaomi Redmi has slowed down, displayed suspicious ads or quickly discharged? It is likely that malware has settled on the device, from harmless advers to dangerous Trojans that steal bank card data. Unlike other brandsβ Android devices, Xiaomi smartphones have a unique MIUI firmware, where threats are disguised as system processes (for example, com.miui.analytics or com.xiaomi.midrop).
We'll take it. 5 Key sources of threats on Redmi: infected APK-Files, phishing sites, vulnerabilities MIUI, fake updates and malicious services Google Play, especially pay attention to hidden threats in the folder /system/priv-app/, All methods tested on Redmi Note models are not visible to standard antiviruses. 10/11/12, Redmi 9/10 and POCO X3/X4 s MIUI 13β14.
1. Signs of infection: how to recognize a threat on Xiaomi Redmi
The first step is diagnosis. Malware on MIUI is often disguised as legitimate processes, but there are 7 clear symptoms that can not be ignored:
- π Battery discharges in 2-3 hours without active use (check Settings) β Battery β Battery use β if there are unknown processes with consumption >15%, that's a warning sign).
- π± Accidental reboots or hangs on the Redmi logo (especially after installing apps from third-party sources).
- π° SMS about money write-offs or notifications from the bank about unauthorized transactions (often associated with Trojans Anubis or Cerberus).
- π’ Status bar ads or pop-up banners over all windows (even in Safe Mode).
- π‘ Suspicious traffic (check in Settings) β SIM-maps and mobile networks β Traffic usage β if an unknown app is eating" >500 MB per month).
- π Search engines are redirected to strange sites (for example, instead of google.com opens gooogle-search[random characters].com).
- π Unknown files in folders (Download, DCIM or /sdcard/.thumbnails β often hide out APK malware).
If you notice at least 2-3 signs from the list, immediately disconnect the phone from the Internet (In-plane mode) and start cleaning. MIUI has built-in Safe Mode - press the power button and hold the Turn off icon until the option appears. This mode only works system applications, which will help detect the virus.
β οΈ Note: If a message appears on the lock screen such as "Your phone is blocked by the FSB/police, pay a fine" is fraud. Do not transfer money! Such locks are only removed through Hard Reset (see section 5).
2. Step-by-step instructions: how to remove viruses without losing data
To start with, the softest methods that don't require resetting, and the important thing is that not all antiviruses are equally useful -- some, like the Clean Master or the DU Speed Booster, have ad modules themselves, and we only recommend proven tools:
- Remove suspicious apps: Go to Settings β Applications β Application Management and sort the list by installation date. Remove anything you installed in the last 3 days (especially games, βoptimizersβ or APKs from Telegram channels). Pay attention to applications with device administrator rights β they must first be stripped of their rights to Settings β Passwords and Security β Device Administrators.
- Check autoboot: Viruses are often prescribed in autoboot. Open Settings β Battery β Select autoboot apps and disable anything suspicious (e.g., com.android.system.update is not a system update, itβs a malware!).
- Scan with built-in MIUI Security: Run Security β Scan. If you find threats like RiskWare.AndroidOS.Agent or AdWare.Elex, remove them through this menu. MIUI Security is better than many third-party antiviruses at recognizing threats that are sharpened for Xiaomi.
- Use Malwarebytes or Kaspersky: Download Malwarebytes (free version) and do a deep scan. If Trojan-Dropper or Backdoor are found, follow the removal instructions. Kaspersky Mobile is also effective, but requires a subscription to remove threats.
βοΈ Checklist before removing viruses
If the threat persists after all the manipulations, check the system folders through a file manager (for example, Mi File Manager or Solid Explorer).
/storage/emulated/0/Android/data/[random symbols]
/system/priv-app/[unknown APK]
/data/local/tmp/β οΈ Note: Do not delete files from the folder /system It can lead to a phone blink (completely disabled) if you're not sure, skip this step.
3. Hidden threats: what to do if the antivirus does not find anything
Some viruses (e.g. xHelper or SharkBot) reset and re-infect the device, either in recovery sections or disguised as MIUI updates.
- π Check it out. ADB-Log: Connect the phone to the PC, turn on debugging USB (Settings β The phone. β Version. MIUI β Press 7 times, then return to the Additional Settings β For developers) and execute the command: adb shell dumpsys package | findstr "suspicious" If the output has lines with com.android.update or com.qualcomm... is a sign of infection.
- π‘ Network traffic analysis: Install NetGuard or PCAPdroid (without root). If an application called System Update type sends data to the Internet IP-addresses in China or Russia (e.g. 112.80.248.76 or 45.153.232.100) are 100% virus.
- π‘οΈ Download Hidden Eye Detector (available on the Internet) 4PDA). It finds apps that are tracking you through a camera or microphone (like AhMyth or SpyNote).
If you find an undeletable virus that returns after a reboot, there are two options:
- Fastboot phone (instructions in section 6).
- Contact the service - if you do not have experience with ADB or SP Flash Tool.
How do you check if MIUI is spying on you?
How to Protect Xiaomi Redmi from Future Attacks: 10 Security Rules
Even after cleaning, the phone will remain vulnerable if the holes are not closed.
| Vulnerability | How to close | The risk of neglect |
|---|---|---|
| Installation of APK from unknown sources | Disable in Settings β Privacy β Special Permissions β Install Unknown Applications | Viruses, Trojans, spyware |
| Phishing SMS/calls | Install Truecaller or enable spam filter in Google Messages | Stealing money from your account |
| The outdated MIUI firmware | Update through Settings β About the phone β System update | Exploits for remote access |
| Connecting to public Wi-Fi | Use a VPN (ProtonVPN or Windscribe) | Traffic interception (login/password) |
| Backup copies in the cloud | Turn off autosynchronization in Settings β Accounts β Mi Cloud | Leakage of photos / contacts when hacking an account |
Pay special attention to the settings of Google Play Protect:
- Open Google Play Store β click on the avatar β Play Protect.
- Enable App Scanning and Improved Threat Search.
- Click Scan β If you find threats like the Dangerous App, remove them.
π‘
If you often install APKs from Telegram channels, create a separate Google account without being tied to bank cards, so that viruses can not steal payment data.
5. Extreme measures: resetting and flashing
If the virus doesn't get removed or the phone is blocked by a ransomware, you'll have to resort to radical methods.
- Turn off the phone.
- Press the Power button + Volume up until the Mi logo appears.
- In the Recovery menu, select Wipe Data β Wipe All Data (manage by volume buttons, confirm by power button).
- After resetting, the phone will reboot to its original state.
If the reset didn't work (the virus stayed), it's embedd in the recovery or boot section, and then you need to flash it through Fastboot.
βοΈ What you need to flash it over
Instructions for Redmi Note 10/11 (the steps are similar for other models, but the firmware should be strictly for your device!):
- Download Fastboot firmware for your model (for example, redmi_note_10_global_images_...).
- Unpack the archive in the folder C:\MiFlash.
- Install the Mi Flash Tool.
- Turn off the phone, press Volume Down + Power to enter the Fastboot (a rabbit will appear with the inscription Fastboot).
- Connect your phone to your PC, in the Mi Flash Tool, press Refresh β the device must be determined.
- Select a firmware folder, press Flash and wait for the end (10-15 minutes).
β οΈ Note: If there is an error during the firmware anti_rollback, So you're trying to install an older version. MIUI, In this case, download the latest stable firmware for your model.
6. Frequent errors: What NOT to do when removing viruses
Many Xiaomi users make the problem worse with the wrong actions. Here are the 5 most dangerous mistakes:
- π« Install Google Play cleaners β many of them (Clean Master, Phone Booster) themselves contain advertising modules or sell your data.
- π« Rooting unknown applications gives you full access to the system. IMEI lock-in.
- π« Ignore updates MIUI β In older versions, there are vulnerabilities (for example, in the, CVE-2022-20472 into MIUI 12.5, remotely).
- π« Download "hacked" firmware from torrents - they often contain backdoors (for example, Triada or Ztorg).
- π« Trying to delete system files manually will result in a "brick" (the phone will not turn on). For example, deleting com.miui.securitycenter will deprive you of the built-in antivirus.
If after all the manipulations the phone still behaves strangely (for example, it turns on modem modem or sends SMS), do not hesitate β contact the service center. Some viruses (for example, FluBot) can multiply over Bluetooth and infect other devices.
π‘
If the virus has blocked access to settings, try entering Safe Mode (hold off the button) and removing suspicious apps from there. If it doesn't work, just flashing it.