Security researchers have found malware on nearly 40 different Android devices owned by two unnamed companies. While that may sound like a fairly normal occurrence, Check Point’s researchers claim the malware was pre-installed on the devices somewhere along the supply chain.

Check Point did not name the companies involved but said one was a large telecommunications company and the other a multinational technology company.

The malware found was not installed on the device by the users but was in fact already present when the users received them. The malware was not part of the ROM firmware supplied by the vendor. Therefore, Check Point said, malicious apps were added to the devices somewhere along the production line.

In some cases the malware was installed onto the ROM itself using system privileges. Removal of the malware in these cases required a full reinstall of the device.

Among the malware discovered on the devices was the Loki malware, which can be used to display illegitimate advertisements to generate revenue. It can also steal information about the device it’s installed on. Also discovered was the Slocker mobile ransomware. This can encrypt all files on the device and demand payment in exchange for the decryption key.

Most of the rest of the pieces of malware were information stealers and ad displayers, Check Point said.

The list of infected phones reads: Galaxy Note 2, 3, 4, 5, 8 and Edge, Galaxy Tab 2 and S2, Galaxy S7 and S4, Galaxy A5, LG G4, Xiaomi Mi 4i and Redmi, ZTE x500, Oppo N3 and R7 Plus, Vivo X6 plus, Nexus 5, Nexus 5X, Asus Zenfone 2, and Lenovo S90 and A850.

“The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge,” said Oren Koriat, Check Point Mobile Research Team.

RELATED: Hundreds of mobile websites and apps are found to leak personal info

Despite its worldwide popularity, Android continues to suffer from security issues. The ability to install apps on Android devices from unofficial app stores is causing a spike in malware infections. Even the official Google Play app store has been breached. On top of this the way the Android ecosystem works means many users don’t automatically get updates to the OS, leaving their devices vulnerable to security threats.

Source: infosecurity

Read entire post grey  Related Training grey

1 Comment »

Leave your comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s