Researchers over at Check Point Security have discovered a severe infection in 38 Android devices which came pre-installed, belonging to a large telecommunications company, as well as a multinational technology firm.
According to the security firm, the malware arrived before users turned on their handsets for the first time. "The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain," the report stated. It affected many devices from various brands, which include the following:
- Samsung Galaxy Note2
- LG G4
- Samsung Galaxy S7
- Samsung Galaxy S4
- Samsung Galaxy Note4
- Samsung Galaxy Note5
- Xiaomi Mi 4i
- Xiaomi Redmi
- ZTE X500
- Samsung Galaxy Note3
- Samsung Galaxy Note Edge
- Samsung Galaxy Tab S2
- Samsung Galaxy A5
- Vivo X6 Plus
- Asus Zenfone 2
- Lenovo S90
- Oppo R7 Plus
- Oppo N3
- Lenovo A850
Most of the malware found pre-installed on affected devices were information stealers and rough ad networks, which included a ransomware called Slocker. This crypto-malware uses AES encryption algorithm to lock a victim"s files, and then demands money in exchange of unlocking them.
Check Point notes that the most notable rough adnet to target the devices is the Loki malware. "The malware displays illegitimate advertisements to generate revenue," says the security firm. "As part of its operation, the malware steals data about the device and installs itself to system, allowing it to take full control of the device and achieve persistency."
While it is of course advised to be wary of where we download our apps, it is noted that pre-installed malware is a completely different problem to tackle. Check Point expounds further:
Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed.
The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge.
Those who are interested in knowing more regarding the malware and the affected devices can check out the source link. Also, it is advised to utilize advanced security software which is capable of detecting and blocking malicious software, like Lookout or Malwarebytes Anti-Malware, which can help prevent malicious attacks in the long run.
Source: Check Point Security via The Independent