Take our customer survey to evaluate your visit.
It should only take a few minutes to answer five quick questions. Just click the Launch survey button at the end of your visit to begin.
2018-11-25 09:54 PM - edited 2018-11-25 11:05 PM
Hi, I got a new XZ1 today but I found some mysterious files in the downloads folder I hope somebody can help shed light on in-case they are malicious or if somebody has tampered with the phone.
I purchased the phone from a listed retailer on the Sony mobile website.
Here is a list:
I found the MP4 file on gfycat (uploaded by somebody else) by Google search.
I checked some of the other files on my PC using VSCode, they look like this:
I'm unsure what I should do, any help apreciated, thanks!
I found another user on the OnePlus forums with the same exact issue.
2018-11-27 07:39 AM
I just found these on my phone as well. I know they weren't there yesterday because they're in a folder I open almost daily. The only apps I've downloaded onto my phone recently were Audible and Kindle, so I assume one of those is the culprit. Especially because the .MP4 file looks like it might be a short animation of how to turn a page in a document reader by making a swiping motion with your finger. I couldn't really say whether it's actually malicious or not, though.
2018-11-27 04:39 PM
Thanks! I uninstalled the updates to the Kindle app and reinstalled them, the files seem to reappear after the Kindle app is opened the first time after the update. I did this about four times and it's consistent.
I notice they have an update log which states "continuous scrolling" is coming soon in the what's new section, which may be what the animation refers to.
I'll contact the developer and see if they can confirm.
2018-12-02 07:56 AM
Just checking in to see if you received a response from the developer. I have the same exact files in my downloads folder on my Sony phone and on an old Samsung tablet. I recently downloaded the Kindle app on both devices and I noticed that these files appeared in my Files app around the same time.
I'm not that knowlegable about how plugins work, but when I did a quick search on rce I grew concerned about the possibility of the file name denoting a remote code execution as well.
Would love to hear if you figure out what these files are or if you get a response from the developer.
Thanks in advance.