A recent research shows that 36 devices of top smartphone manufacturers in the world were infected by pre-installed malware apps somewhere after leaving the manufacturer’s facility to landing in the end-users hand.
Most of the devices were infected by malware that would either run illegal ads or steal information from the device, but a mobile ransomware which goes by the name of Slocker was also found on several devices.
A majority of the infected devices are manufactured by Samsung, while other popular smartphone companies like Xiaomi, Oppo, Vivo, Lenovo, Asus and LG also have a few devices on the list.
“The malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor and were added somewhere along the supply chain,” said Oren Koriat from the Check Point Mobile Research Team.
Another malicious malware was an adnet — the Loki malware, which would run illegal advertisements on the device to generate revenue, steal information and gives the attacker control of the device by installing itself to the system.
Usually, malware is downloaded by users while downloading infected files (apps/games) from the internet, but this case stood out as the malware was pre-installed on the devices.
List of Affected Devices
- Samsung Galaxy Note 2
- Galaxy Note 3
- Galaxy Note 4
- Galaxy Note 5
- Galaxy Note 8.0
- Galaxy S7
- Galaxy S4
- Galaxy A5
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- LG G4
- Xiaomi Mi 4i
- Xiaomi Redmi
- Lenovo S90
- Lenovo A850
- Oppo R7Plus
- Oppo N3
- Vivo X6 Plus
- Asus Zenfone 2
- ZTE x500
Earlier, Nexus 5 and Nexus 5x were also part of the list but these names were pulled off by CheckPoint from their list for an unknown reason.
“Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed,” Koriat added.
Malware has been a big issue for internet security firms and the pre-installed ones are even more dangerous as they have fewer chances of catching a user’s attention as any modification to a device’s behaviour only occurs after a malware is installed.
In the case of pre-installed malware, detection is difficult. This also brings to light a situation riddled with security loopholes on the internet which are being exploited by attackers running ransomware and illegal advertising.
Some sellers might be providing the device at a lower cost than the others, but to ascertain their credibility before thinking about saving some bucks on your new device will be a smart move.