Malware Found In 38 Android Devices

Malware added to the devices' ROM could not be removed by users, so the devices had to be re-flashed.

The malicious apps were not part of the official ROM firmware supplied by the device manufacturer but were added later somewhere along the supply chain, and in six of the cases, malware was installed to the ROM using system privileges.

The 38 Android phones and devices found with this type of malware pre-installed came from two companies, namely a telecommunication company and a multinational tech company. "In addition, a user who receives a device already containing malware will not be able to notice any change in the device's activity which often occurs once malware is installed," Koriat added.

The researchers published a list of the malicious apps and the devices infected with the malware. As part of its operation, the malware steals data about the device and installs itself to the system partition, allowing it to take full control of the device and achieve persistence. One of the malicious apps was Slocker, a mobile ransomware that encrypts all the files on the device using an AES encryption algorithm and then demands a ransom in exchange for the decryption key. However, this does not mean that every device of these smartphone models will be infected out of the box. Ransomware is used by an attacker to deny the user access to his or her phone until money is paid; one of the phones was discovered to carry the ransomware called Slocker.

It began with digital picture frames and USB drives, and it has moved to mobile phones, with the latest example coming in the form of 36 Android phones that shipped with malware already installed on them.

The most notable malware targeting the devices is Loki.

To reduce the risk of receiving one of these smartphones or devices with malware already on it out of the box, it is important to buy the device from a verified seller.

"As a general rule, users should avoid risky websites and download apps only from official and trusted app stores".

Most of the rest of the pieces of malware were information stealers and ad displayers, Check Point said. The affected devices include various Samsung Galaxy models (Note 2, 3, 4, 5, 8, and Edge, S4, S7, A5, Tab S2), LG G4, Lenovo S90 and A850, and Nexus 5 and 5X. However, good guidelines can only go so far: pre-installed software compromises even the most careful users. "Users could receive devices which contain backdoors or are rooted without their knowledge," said Oren Koriat of the Check Point Mobile Research Team.

  • Arturo Norris