Malware Discovered Pre-installed on Android Devices

Security researchers have found malware on nearly 40 different Android devices owned by two unnamed companies. While that may sound like a fairly normal occurrence, Check Point’s researchers claim the malware was pre-installed on the devices somewhere along the supply chain.

Check Point did not name the companies involved but said one was a large telecommunications company and the other a multinational technology company.

The malware was not installed on the devices by the users but was already present when the users received them. It was also not part of the ROM firmware supplied by the vendor. Therefore, Check Point said, the malicious apps were added to the devices somewhere along the production line.

In some cases the malware was installed onto the ROM itself using system privileges. Removal of the malware in these cases required a full reinstall of the device.

Among the malware discovered on the devices was the Loki malware, which can be used to display illegitimate advertisements to generate revenue. It can also steal information about the device it’s installed on. Also discovered was the Slocker mobile ransomware. This can encrypt all files on the device and demand payment in exchange for the decryption key.

Most of the remaining malware consisted of information stealers and ad displayers, Check Point said.

The list of infected phones reads: Galaxy Note 2, 3, 4, 5, 8 and Edge, Galaxy Tab 2 and S2, Galaxy S7 and S4, Galaxy A5, LG G4, Xiaomi Mi 4i and Redmi, ZTE x500, Oppo N3 and R7 Plus, Vivo X6 plus, Nexus 5, Nexus 5X, Asus Zenfone 2, and Lenovo S90 and A850.

“The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge,” said Oren Koriat of the Check Point Mobile Research Team.

Despite its worldwide popularity, Android continues to suffer from security issues. The ability to install apps on Android devices from unofficial app stores is causing a spike in malware infections. Even the official Google Play app store has been breached. On top of this, the way the Android ecosystem works means many users don’t automatically get updates to the OS, leaving their devices vulnerable to security threats.

It’s also not the first time malware has been discovered pre-installed on Android devices.

This discovery adds another dimension to Android threats that users and businesses must be aware of.

“As a general rule, users should avoid risky websites and download apps only from official and trusted app stores. However, following these guidelines is not enough to ensure their security. Pre-installed malware compromises the security even of the most careful users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity, which often occurs once malware is installed,” Koriat added.
