
Using RethinkDNS firewall, I observe suspicious requests for the router IP 192.168.2.1 that are labelled by RethinkDNS as coming from an "Unknown" app (whereas RethinkDNS displays the proper app for all other non-suspicious requests).

After blocking requests by the "Unknown" app, this app massively tries to connect to various IPs.

Is it correct to assume from these observations that there is malware on my phone? If no, what else could I do to become sure about it? If yes, how to remove it?

Please excuse that this question is possibly broad. I am eager to learn, but I found no systematic information on how to tackle this problem.

I am on a Google-Service free LineageOS with an old Android version 7.1.2 (due to their drop of support for my device Xiaomi Redmi Note 3). I am very picky about apps, and so far I have only installed OSS apps from F-Droid repositories, but if there is a good recommendation I would also use Google store apps to solve this problem.

flonk
  • Get the UID of the app and run pm list packages -U to find the app's package name. Relevant details: https://android.stackexchange.com/a/204022/218526 – Irfan Latif Apr 27 '21 at 12:15
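
The lookup suggested in the comment above, as an added example that is not part of the original thread. It assumes `pm list packages -U` prints lines of the form `package:<name> uid:<uid>`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a UID seen in a firewall log to Android package name(s).
# Assumed input format, one line per package: "package:<name> uid:<uid>".

# Constructed sample listing (not taken from a real device).
SAMPLE_PM_OUTPUT='package:org.example.browser uid:10071
package:org.example.mail uid:10084
package:org.example.shared.a uid:10090
package:org.example.shared.b uid:10090
package:com.android.providers.downloads uid:10012'

# app_id_of UID: strip the per-user offset (uid = user * 100000 + app id).
app_id_of() {
    echo $(( $1 % 100000 ))
}

# classify_uid UID: app ids 10000-19999 are assigned to installed packages;
# ids below 10000 are reserved for system components and have no package
# entry of their own.
classify_uid() {
    id=$(app_id_of "$1")
    if [ "$id" -lt 10000 ]; then
        echo system
    elif [ "$id" -le 19999 ]; then
        echo app
    else
        echo other
    fi
}

# packages_for_uid UID [LISTING]: print every package that runs under UID.
# Several packages can share one UID, so more than one line may be printed.
packages_for_uid() {
    id=$(app_id_of "$1")
    printf '%s\n' "${2:-$SAMPLE_PM_OUTPUT}" | awk -v want="$id" '
        {
            split($2, f, ":")
            # Numeric compare on the uid field: 1007 must not match 10071.
            if (f[1] == "uid" && (f[2] % 100000) == (want + 0)) {
                sub(/^package:/, "", $1)
                print $1
            }
        }'
}
```

On the device, pass the real listing as the second argument, for example `packages_for_uid 10090 "$(pm list packages -U)"`.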

0 Answers