Preinstalled Malware Found on Android Phones

Fagjun | Published 2017-03-13 22:09

A malware scanner has found preinstalled malware on 38 Android phones that belong to two companies.

Most of the malware is designed for information theft. One of the malware families, Loki, displays ads and takes over the device's system privileges. It generates revenue by displaying illicit ads while stealing data as well. Another is “Slocker”, which disrupts a user's control of the device. Slocker is ransomware, which means a user may have to either reset the device to factory settings, or pay a ransom to regain control of the device.

The two companies associated with the infected devices are still unidentified. However, reports say that one company is a “multinational technology company”, while another is a “large telecommunications company”.

Check Point Software Technologies, a maker of malware prevention software, published details of the incident on its blog.

Malicious Actors in the Supply Chain

Malicious actors behind the ransomware Slocker use Tor to hide their identities.

Typically, malware infects a device because the user downloaded an infected file or installed an app from a disreputable source. Therefore, users don't expect their new devices to already have malware on them. However, the devices in question already had malware even before users began using them.

The malware was not part of the manufacturers' official firmware. However, it was installed on the devices at some point in the production line. In six of the cases, whoever installed the malware did so by using system privileges. In these cases, users will be unable to get rid of the malware themselves.

A number of phones and tablets from the Samsung Galaxy series are part of the list of devices with preinstalled malware. Other brands include LG, ZTE, Oppo, Asus, vivo, Xiaomi, and Lenovo. It's important to note, however, that these manufacturers did not have a hand in installing the malware in question.

Worryingly, no one knows who sold these infected phones to the two companies as of yet.

Protecting Yourself from Preinstalled Malware

For now, it's unclear if the malware targeted the two companies in this case. If so, it's also unclear exactly why. However, it's also possible that there may be other devices that contain the malware. Whoever is behind the installation of this malware may be running a wider campaign affecting more devices and entities. The presence of ransomware in particular indicates that there may be a large malware campaign at work.

This incident sheds some light on what users have to do to protect their devices and their security from malware. The usual ways in which we protect ourselves from malicious apps are no longer enough. Check Point recommends more advanced methods for mobile security.

The simplest way to protect yourself even from preinstalled malware is to immediately scan a new device for malware. Another way is to avoid buying from resellers, especially ones that sell devices for a cheaper price. If you can't avoid buying from a reseller, do your due diligence and look into the reseller's reputation before making a purchase. However, it's always best to buy devices directly from one of the brand's outlet stores. This way, there is less risk that the device you buy comes with preinstalled malware.
