Thanks to an anti-malware scan, two large international companies discovered several types of malware preinstalled on 38 Android smartphones. Check Point Software Technologies, creator of an anti-malware scanning system, announced it.
The apps containing malware were not part of the official ROM, but it seems to have been added at a later point in the supply chain. In six of the 38 cases, someone added the malware exploiting the firmware system privileges: this implies the firmware has been completely re-installed on the phone, adding malicious apps.
Daniel Padon, a Check Point Mobile Threat researcher, explained:
This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it. This should be a concern for all mobile users.
Most of the malware installed steal information and show unsolicited advertising. One of the apps containing advertising, called Loki, can get the privileges of the device system and infects it. Other apps instead provide a dangerous ransomware called Slocker, able to block the device and then ask for ransom. The infected devices are:
- Samsung Galaxy Note 2
- Samsung Galaxy Note 4
- Samsung Galaxy Note 5
- Samsung Galaxy Note 8
- Samsung Galaxy S7
- Samsung Galaxy S4
- Samsung Galaxy A5
- Samsung Galaxy Note 3
- Samsung Galaxy Note Edge
- Samsung Galaxy Tab S2
- Samsung Galaxy Tab 2
- LG G4
- Xiaomi Mi 4i
- ZTE x500
- Oppo N3
- Vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- LenovoS90
- OppoR7 plus
- Xiaomi Redmi
- Lenovo A850
It is not yet clear whether the two companies involved have been chosen as a specific target, or are part of a wider data theft campaign. And it is not the first time Android smartphones are delivered with pre-installed malicious apps made to steal sensitive user data.
How to defend your smartphone Android against malware
The best thing you can do is always to scan your brand-new Android smartphone, especially if purchased through unofficial retailers. We suggest you try Malwarebytes and Check Point. Also be careful if you buy a pre-owned one.