user@argobox:~/journal/2025-08-13-the-phone-that-kept-redirecting
$ cat entry.md

The Phone That Kept Redirecting


Date: 2025-08-13
Duration: About 2 hours
Issue: Mobile browser redirecting to malicious domains
Root Cause: Malicious game modified APN DNS settings


The Symptom

My daughter handed me her phone. “Dad, the internet is broken.”

Tried loading speedtest.net. Got redirected to bbump-me-push.com with a DNS_PROBE_FINISHED_NXDOMAIN error.

That’s not a broken internet. That’s malware.


The First Attempts

Google Play Protect: Enabled. Found nothing.

Avast Free: Downloaded, full scan. Found nothing.

Browser clear: Cleared all data, cache, cookies. Redirects continued.

Both major antivirus engines missed it. The malware was either very new or very clever.


The Investigation

Asked the obvious question: “What did you install recently?”

“Just some games.”

Games. Of course. Free games with too-good-to-be-true reviews and excessive permission requests.

Went through the app list. Found three games installed in the last week:

  • A match-3 puzzle clone
  • A “speed booster” (red flag #1)
  • A wallpaper app (red flag #2)

Uninstalled all three. Tested again.

The redirect changed. Now it went to Etsy affiliate links instead of bbump-me-push.com.

Progress — the malware was weakening — but still active.


The DNS Problem

Here’s what confused me: the redirects happened on mobile data, not just WiFi.

WiFi redirects are usually router-based or browser-based. Mobile data redirects mean the device itself has been compromised at a deeper level.

Checked the obvious:

  • No VPN running
  • No proxy configured
  • Private DNS set to “Automatic”

Everything looked clean. But something was still hijacking DNS.


The APN Discovery

Then I checked the one thing most people forget about: Access Point Names.

Settings → Connections → Mobile Networks → Access Point Names

The carrier’s APN had been modified. Custom DNS servers were pointing to addresses I didn’t recognize.

The malicious game hadn’t installed traditional malware. It had quietly edited the carrier APN configuration, inserting rogue DNS servers that redirected traffic to affiliate sites.


The Fix

Reset the APN to carrier defaults:

  1. Settings → Connections → Mobile Networks → Access Point Names
  2. Three-dot menu → Reset to default
  3. Restart phone

Tested speedtest.net. Loaded correctly. No redirects.

Tested a few more sites. All clean.


Why Antivirus Missed It

Traditional mobile antivirus scans apps and files. It doesn’t check carrier APN settings.

The malware:

  1. Requested “phone” permissions (common for games that show ads)
  2. Used those permissions to modify APN configuration
  3. Left no malicious files behind
  4. Injected itself at the network layer, below where antivirus looks

The game was gone, but its DNS changes persisted. That’s why uninstalling the games didn’t fix the problem immediately.
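The APN check above is something an antivirus scanner never does, so here is an added audit script (not from the original post) that parses the APN table as dumped over adb and flags any resolver, proxy or server field that the carrier baseline does not explain. It assumes a phone connected over USB with adb debugging enabled; the dns column names are an assumption, since AOSP's carriers table has no DNS columns and only some OEM builds expose them.

```python
import re
from typing import Dict, List, Tuple

# Traffic-steering columns. AOSP's carriers table has no DNS columns; the "dns*"
# match is an assumption for OEM builds that add them. proxy/port/server are standard.
STEERING_FIELDS = ("proxy", "port", "server", "mmsproxy", "mmsport", "mmsc")
DNS_FIELD = re.compile(r"^dns", re.IGNORECASE)
ROW = re.compile(r"^Row:\s*\d+\s+(.*)$")

# Constructed sample of `adb shell content query --uri content://telephony/carriers`
# output (one "Row: N k=v, k=v" line per APN); the Internet APN carries injected
# resolvers, written with documentation addresses rather than real indicators.
SAMPLE = """\
Row: 0 _id=1, name=Internet, apn=internet, proxy=, port=, mmsc=http://mms.carrier.example, server=, dns1=198.51.100.7, dns2=198.51.100.8
Row: 1 _id=2, name=MMS, apn=mms, proxy=203.0.113.5, port=8080, mmsc=http://mms.carrier.example, server=
"""
# Expected per-APN values from the carrier's published settings (constructed).
BASELINE = {"Internet": {"mmsc": "http://mms.carrier.example"},
            "MMS": {"mmsc": "http://mms.carrier.example"}}

def parse_content_query(text: str) -> List[Dict[str, str]]:
    """Turn `content query` output into one {column: value} dict per APN row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip blank lines and "No result found."
        row = {}
        for pair in m.group(1).split(", "):
            key, _, value = pair.partition("=")
            row[key.strip()] = value.strip()
        rows.append(row)
    return rows

def audit_apns(rows, baseline) -> List[Tuple[str, str, str, str]]:
    """Return (apn, column, value, reason) for every steering field that is set
    and not explained by the baseline. Empty and NULL values are benign."""
    findings = []
    for row in rows:
        name = row.get("name", "?")
        expected = baseline.get(name, {})
        for field, value in row.items():
            if value in ("", "NULL"):
                continue
            if DNS_FIELD.match(field):
                findings.append((name, field, value, "DNS resolver set in APN"))
            elif field in STEERING_FIELDS and value != expected.get(field, ""):
                findings.append((name, field, value, "differs from carrier baseline"))
    return findings
```

On a real device, feed the output of the adb command to parse_content_query and build BASELINE from the carrier's published APN settings; every finding is a field to reset, as in the fix above.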


The Lecture

My daughter got the talk:

  • Never install “speed boosters” or “cleaners”
  • Check app permissions before installing
  • If an app asks for phone/SMS permissions, think twice
  • If something seems free but amazing, it’s probably malware

She nodded. She’ll probably forget by next week. But at least her phone works now.


What I Learned

APN settings can be modified by apps. With the right permissions, a malicious app can change your carrier’s DNS configuration.

Antivirus doesn’t check everything. Network-level hijacking bypasses traditional file scanning.

Mobile data redirects are worse than WiFi redirects. They indicate device-level compromise, not just browser or router issues.

Always check APN settings when investigating Android malware. It’s the one place nobody thinks to look.


Prevention

For next time:

  • Install a DNS-level ad blocker (NextDNS or similar)
  • Use “Private DNS” with a trusted provider (1.1.1.1 or 8.8.8.8)
  • Review app permissions regularly
  • Avoid games from unknown developers

The phone is clean. For now.


Family tech support: the debugging session that never ends.