Recent research shows that 36 devices from the world’s top smartphone manufacturers were infected with pre-installed malware apps somewhere between leaving the manufacturer’s facility and landing in the end user’s hands.
Most of the devices were infected by malware that would either run illegal ads or steal information from the device, but a mobile ransomware which goes by the name of Slocker was also found on several devices.
A majority of the infected devices are manufactured by Samsung, while other popular smartphone companies like Xiaomi, Oppo, Vivo, Lenovo, Asus and LG also have a few devices on the list.
Like any other ransomware, Slocker uses AES encryption to lock the data on the device, asking for a ransom in return for a decryption key.
“The malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor and were added somewhere along the supply chain,” said Oren Koriat from the Check Point Mobile Research Team.
Another piece of malware was an adnet, the Loki malware, which runs illegal advertisements on the device to generate revenue, steals information and gives the attacker control of the device by installing itself to the system.
Usually, users pick up malware while downloading infected files (apps/games) from the internet, but this case stood out because the malware was pre-installed on the devices.
List of Affected Devices
Samsung Galaxy Note 2
Galaxy Note 3
Galaxy Note 4
Galaxy Note 5
Galaxy Note 8.0
Galaxy Note Edge
Galaxy Tab S2
Galaxy Tab 2
Xiaomi Mi 4i
Vivo X6 Plus
Asus Zenfone 2
Earlier, the Nexus 5 and Nexus 5x were also on the list, but Check Point removed them for an unknown reason.
“Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed,” Koriat added.
Malware has been a big issue for internet security firms, and pre-installed malware is even more dangerous because it is less likely to catch a user’s attention: a change in a device’s behaviour normally shows up only after malware is installed.
In the case of pre-installed malware, detection is difficult. This also brings to light a situation riddled with security loopholes on the internet, which attackers running ransomware and illegal advertising are exploiting.
Pre-installed malware, in a majority of cases, will go undetected by the user. This research goes to show that, to avoid getting an infected device, users should always buy from trusted sellers.
Some sellers might offer the device at a lower cost than others, but ascertaining their credibility before thinking about saving a few bucks on your new device is a smart move.