In light of recent botnets discovered by Google, and random lockscreens showing up on Note 4 devices completely on their own the past couple days... I've noticed something on happening on my S7 the last couple weeks.
This lpe folder continuously and periodically creates/modifies tmp*.raw files every day at arbitrary times. I've googled this and seen two other samsung users (devs from stackexchange and XDA) asking the same question, with no answers to be found. I know /g/'s not my personal tech support, but I do feel this warrants a thread just in case there may be some vulnerability or security issues for other Samsung users. (forgot to mention I'm running Nougat 7.0 on the S7e T-mobile variant)
>>59410233
What's in the files? Open them with a hex editor or something and post a screenshot. It's probably some Samsung bloatware, you have a billion background processes and system apps running on any given stock Samsung ROM.
>using a stock rom
>using google apps
>buying samshit
lmao idiot
>>59410252
I've tried everything. They're all unreadable gibberish it seems
>>59410233
Chamois was one of the largest PHA families seen on Android to date and distributed through multiple channels. To the best of our knowledge Google is the first to publicly identify and track Chamois.
Chamois had a number of features that made it unusual, including:
Multi-staged payload: Its code is executed in 4 distinct stages using different file formats, as outlined in this diagram.
You're fucked lmao
>>59410233
I don't even use a phone, but (if able)have you tried setting it to airplane mode and then leaving it sit for a day to see if it continues?
Wondering if It's a full on auto generate or something that triggers from usage.
>>59410326
Sounds like a good idea. I'll give it a shot if I can't find any more info on this.
>>59410401
I'd personally just root the phone and rename/delete Samsung's garbage in /system/app and /system/priv-app. If the files stop getting created, you can narrow it down to a specific APK and go from there. Or just install Cyanogenmod or something.
>>59410441
I really want to do this, but the Knox encrypted containers are so damn comfy. Was planning on signing up for the enterprise edition for keks, and see how much control it gives you when pushing MDMs. It's like a VM lite for android, and gives you more options to disable services than you can on the normal partition. If I root, I trip it
>>59410637
I guess you could try disabling everything you can through the stock Android app manager. They probably won't let you do much, but it's better than nothing.