Device is accessing malware site -- belongs to Google

Comments

  • Topher

    I wouldn't be so sure it's a false positive. Looks like you could be part of the Mirai botnet. All of the recent indicators on VirusTotal are for ELF, Trojan, Mirai, but from what I can tell it's a P2P site. Have you downloaded any cracked files or free software lately?

  • joe page

    Thanks for the quick reply! I can't think of anything installed that wasn't from Google Play (not that this necessarily means it's virus free).

    What would you do in this case to narrow down what could be causing the alert? Should I start by blocking the IP via Firewalla and see if anything stops working?

  • Topher

    That's what I'd do: block it and see which app doesn't work. Firewalla will show you the hit count on all blocked IPs / domains, so after you block it you can still see if something is hitting it.

    How long ago did this alert begin? Try to correlate it with download history, which you can view on your Google account.

  • Firewalla

    Agree with Topher: block it first and see.

    Also, the site may be using Google Cloud ... so it pretty much can be any service.

  • Topher

    Joe, does akisinn.info ring a bell?
    If not, do you have the McDonald's app installed?

