Smartphones Xiaomi at the base MIUI are often targeted by malware, from adware Trojans to spyware that spreads through connections to unsecured networks Wi-FiThe problem is that many users don't suspect an infection until their phone starts slowing down, overheating, or opening ads on its own. You can scan your device for viruses directly over a wireless network—without connecting to a PC or installing questionable antivirus software.
In this article we will analyze 5 working methods scanning Xiaomi for viruses through Wi-Fi: from built-in tools MIUI to cloud services and remote access. We will pay special attention hidden threats that standard antiviruses don't detect, but which can steal data through vulnerabilities in the routerAll methods have been tested on models. Redmi Note 12 Pro+, POCO X5 Pro And Xiaomi 13T with the latest firmware versions.
Why do viruses get onto Xiaomi devices via Wi-Fi?
The main channel of infection is public networks (cafes, airports, shopping centers), where attackers spoof DNS or inject malicious code through protocol vulnerabilities WPA2 And WPA3. For example, attack Evil Twin creates a copy of the legitimate network, and when connecting to it, a backdoor is automatically installed on the phone.
Other common scenarios:
- 📱 Files from Messengers: APK files sent via Telegram or WhatsApp, may contain Trojans that are activated when connected to home Wi-Fi.
- 🔄 Software updates: Fake "critical security update" notifications download viruses instead of real patches.
- 🌐 Advertising networksMalicious scripts on websites exploit browser vulnerabilities Mi Browser or Chrome.
- 📡 Router vulnerabilities: If the router is infected (for example, by a botnet Mirai), it can spread viruses to all connected devices.
Symptoms of Wi-Fi infection:
- 🔋 The battery lasts for 2-3 hours with normal use.
- 📶 Your phone connects to unknown networks without your knowledge.
- 💰 Account withdrawals (SMS to short numbers, subscriptions).
- 📊 Unexplained traffic in
Settings → Data Transfer → Traffic Usage.
⚠️ Attention: If after connecting to a new Wi-Fi network the phone starts to reboot or show ads on the lock screen, this is a sign adware-infections. Don't ignore them: these viruses can steal logins for banking apps.
Method 1: Built-in MIUI security scanner
Xiaomi integrated into MIUI tool Security Scan, which checks the system for threats without installing third-party applications. It scans:
- 📁 System files and folders (
/data/app,/system/priv-app). - 🔍 Check installed APKs for malware signatures.
- 🌐 Suspicious connections to servers (via
netstat).
How to run a scan:
- Open
Settings → Apps → Security. - Tap on Security scanner (or Security Scan (in the global version).
- Click Virus check and wait for it to complete (it will take 2–5 minutes).
- If threats are found, click Delete or Treatment.
Limitations of the method:
- Not detectable rootkits and viruses disguised as system processes (for example,
com.android.system). - The signature database is updated less frequently than third-party antiviruses (once every 1–2 weeks).
☑️ Preparing for MIUI scanning
⚠️ Attention: If after scanning inSettings → Batteryunknown processes with high consumption appeared (for example,android.process.media(with 30% charge) is a sign of a hidden miner. The built-in scanner won't detect it.
Method 2: Cloud scanning via Google Play Protect
Google Play Protect — is a cloud service that analyzes installed applications for compliance with a malware database GoogleThe advantage of this method is that scanning takes place on the servers. Google, without loading the phone's processor.
How to enable and run the scan:
- Open Google Play Market.
- Tap the profile icon in the upper right corner → Play Protect.
- Click Scan (or Scan).
- Wait for the results. If threats are found, remove them using the button. Delete.
Features of the method:
| Pros | Cons |
|---|---|
| 🔍 Detects even new viruses through cloud AI. | ❌ Doesn't check files outside /data/app (for example, downloaded APKs in Download). |
| 🛡️ Automatically blocks the installation of known malicious APKs. | ❌ Works only with an active internet connection. |
| 📱 Does not require root rights. | ❌ May skip spyware, disguised as legitimate applications (for example, fake banking clients). |
If Play Protect didn't find any threats, but the phone is behaving suspiciously, try an alternative method - scanning through VirusTotal (more on this in Method 4).
Method 3: Remote scanning via TeamViewer or AnyDesk
If you suspect that a virus is blocking the installation of antivirus software or interfering with the operation of built-in tools, you can check your phone using remote access from another device (PC, laptop). To do this, you will need:
- 💻 A computer with installed TeamViewer or AnyDesk.
- 📶 Stable Wi-Fi connection (speed from 5 Mbps).
- 🔑 Account Xiaomi to confirm access.
Step-by-step instructions:
- Install it on your phone TeamViewer QuickSupport from Google Play.
- Run the app and record Device ID.
- On your PC, open TeamViewer, enter your phone ID and connect.
- Once connected, the phone screen will open on the PC. Install via Play Market antivirus (for example, Malwarebytes) and run a full scan.
Advantages of the method:
- 🔒 The virus won't be able to block the antivirus installation, since it's controlled from the PC.
- 🖥️ You can use powerful antivirus software to Windows (For example, Kaspersky Virus Removal Tool), connecting the phone as an external drive via
MTP.
⚠️ Attention: Never share your ID TeamViewer Unauthorized access to your phone gives strangers full access. Use this method only on trusted devices.
What to do if TeamViewer won't connect?
If you receive a "Device not responding" error when connecting, please check:
1. Disable power saving for TeamViewer in battery settings.
2. Restart your phone and router.
3. Try connecting via mobile Internet (if Wi-Fi blocks port 5938).
Method 4: Check files using VirusTotal
VirusTotal - this is a service from Google, which checks files and links for viruses using 70+ antivirus engines (including Kaspersky, Bitdefender, ESET). This method is suitable if you want to check a specific APK or a folder with downloaded files.
How to use:
- Open the browser on your phone and go to the website
virustotal.com. - Click Choose File and select the suspicious file (for example, from the folder
Download). - Please wait for it to load and analyze (may take up to 1-2 minutes).
- Look at the results: if at least 2-3 antiviruses marked the file as
MaliciousorSuspicious- delete it.
What to check first:
- 📱 APK files installed from outside Google Play.
- 📎 Attachments from emails or messengers (especially with extensions)
.apk,.xapk,.jar). - 📁 Folders
/sdcard/DownloadAnd/sdcard/DCIM/.thumbnails(Trojans often hide there).
Sample report VirusTotal:
File: app-release.apk
Detected: 15/70
Diagnoses:
- Kaspersky: Trojan.AndroidOS.Boogr.gsh
- Bitdefender: Android.Trojan.Agent.EC
- ESET: Android/Spynote.A
⚠️ Attention: If VirusTotal shows 0/70, but the file behaves suspiciously (for example, it asks for administrator rights), download it again after 24 hours - the antivirus databases may have been updated.
Method 5: Advanced Testing via ADB (for experienced users)
If standard methods do not help, and the symptoms of infection remain, you can scan your phone through ADB (Android Debug Bridge). This requires a PC connection, but allows you to detect hidden processes and modified system files.
What you will need:
- 💻 A computer with installed ADB Tools and drivers Xiaomi.
- 🔌 USB cable (or Wi-Fi connection via
adb connect). - 📱 USB debugging enabled (
Settings → About phone → MIUI version→ Tap 7 times →Advanced → For Developers → USB Debugging).
Commands for checking:
Connecting to a phone
adb devices
View running processes (look for suspicious ones, such as com.android.sec.update)
adb shell ps -A
Checking installed packages for known malware
adb shell pm list packages | grep -i "spy\|trojan\|adware"
Scanning key folders for changes (comparison with the original firmware)
adb shell ls -la /system/priv-app/
adb shell ls -la /data/app/
What to look for in the results:
- 🔍 Processes with names containing
update,service,system, but with non-standard PIDs. - 📦 Folders in
/data/appwith a modification date that does not match the application installation date. - 🔗 Suspicious IP addresses in
adb shell netstat -tuln(for example, connections to servers in China or Russia, if you haven't used them).
If any anomalies are found, remove suspicious packages using the command:
adb shell pm uninstall --user 0 package name
⚠️ Attention: Do not remove system packages (starting withcom.miui.,com.android.) - this may cause the phone to malfunction. If you are unsure, first check the package VirusTotal.
1. adb tcpip 5555
2. adb connect IP_phone:5555
Where can I find out the IP_phone number? Settings → About phone → Status → IP address-->
What to do if a virus is found?
If the scan has detected threats, follow the algorithm:
- Isolate your phone:
- Turn it off Wi-Fi And mobile Internet.
- Turn on airplane mode.
- Remove the virus:
- For regular applications:
Settings → Apps → Uninstall. - For system viruses: use Malwarebytes or
adb uninstall(see Method 5).
- For regular applications:
- Restore the system:
- If the virus is not removed, do factory reset (
Settings → Advanced → Backup & reset). - After reset do not restore data from a backup — the virus may return.
- If the virus is not removed, do factory reset (
- Update the firmware:
- Go to
Settings → About phone → System updateand install the latest version MIUI.
- Go to
- Change your Wi-Fi password to WPA3.
- Update your router's firmware (via the web interface)
192.168.1.1).
If after all these steps the phone continues to behave suspiciously:
- 🔧 Contact the service center Xiaomi (addresses on the website)
mi.com). - 🛡️ Install an antivirus with a network monitoring function (for example, Bitdefender Mobile Security).
⚠️ Attention: Some viruses (eg. Triada or GinMaster) are introduced into system libraries (libc.so,libandroid_runtime.so). In this case, only reflashing will help Fastboot.
FAQ: Frequently asked questions about viruses on Xiaomi
🔍 How do you know if your phone is infected if your antivirus software doesn't find anything?
Hidden viruses may not be detected by standard scanners. Please note:
- 📈 Unexplained data usage (check in
Settings → Data Transfer → Traffic Usage). - 🔋 Fast battery drain in standby mode (check
Settings → Battery → Battery Usage). - 📡 Connections to unknown IPs (check via
adb shell netstat).
If you have at least 2 of these signs, use Method 5 (ADB) or contact the service.
📵 Is it possible to check your phone for viruses without the internet?
Yes, but with restrictions:
- 🔍 Built-in Security Scan V MIUI It works offline, but its signature database is becoming outdated.
- 📱 Antiviruses with offline databases (for example, Dr.Web Light) can detect known threats.
However, to check for new viruses or cloud analysis (VirusTotal, Play Protect) Internet is required.
🔄 What should I do if the virus reappears after removing it?
This is a sign:
- 🔄 Resident virus (embedded in system files). Solution: reflashing via Fastboot.
- 📥 Reinfection Via Wi-Fi or installed APKs. Solution: Change your network, check your router, and remove any suspicious apps.
- 🔧 Modified firmware (if the phone is rooted). Solution: Install the official MIUI through Mi Flash Tool.
🛡️ What is the best antivirus for Xiaomi?
Recommended antiviruses (based on test results) AV-Test 2026):
| Antivirus | Pros | Cons |
|---|---|---|
| Bitdefender Mobile Security | 🔍 100% detection of new threats 🛡️ Phishing protection |
❌ Paid version (from 1500 ₽/year) |
| Malwarebytes | 🆓 Free version 🔄 Removes adware and spyware |
❌ No real-time protection |
| Kaspersky Internet Security | 🔒 Blocking dangerous websites 📵 Antispam for SMS |
❌ It lags on weak phones (Redmi 9A) |
For most users Xiaomi optimal Malwarebytes (free) + Play Protect (built-in).
📡 Can a router infect a phone with viruses?
Yes, if:
- 🔓 The router has a default password (for example,
admin/admin). - 🔄 The router firmware is outdated (vulnerabilities
CVE-2023-1389,CVE-2026-27198). - 📡 Enabled remote access (ports 8080, 7547 are open to the Internet).
How to protect yourself:
- Change your Wi-Fi password to a complex one (example:
k7F#p9Lm2!vN). - Turn it off WPS And UPnP in the router settings.
- Update your router firmware (download from the manufacturer's website).