Malware Pre-Installed on Android Devices?

April 17, 2017

Recently, a commercially available malware scanner detected an infection of malware that surprisingly came pre-installed on almost forty devices going to two different companies. Check Point Software, a company that makes a mobile threat prevention application, published this article in March of 2017, and states that the apps in question were not part of the ‘official’ ROM firmware as released by the phone’s manufacturers – rather, they were added at some point in the supply chain while the phones were on their way to these firms. This further proves that no matter how careful you are, you can still be affected by a malicious application without even being aware of it.

For the most part, the apps in question were there to steal personal information, and deliver ads to the users of the phones. One such app, called “Loki,” attains system access on the device it is installed on. Another app, called “Slocker,” uses Tor to hide the identity of the people who are operating it.

 

Affected devices included:

  • LG G4
  • ZTE x500
  • Asus Zenfone 2
  • Vivo X6 plus
  • Galaxy Note 2, 3, 4, 5, 8 and Edge
  • Galaxy S7, S4, A5
  • Galaxy Tab 2 and S2
  • Xiaomi Mi 4i and Redmi
  • Oppo N3 and R7 plus
  • Lenovo S90 and A850

 

The companies that were affected were not disclosed. According to the article, it is unclear whether the two companies were targeted or if they were just a small part in a larger design. Since the ransomware and malware were relatively easy to identify, the consensus leans toward the latter, and nobody seems to know where the phones in question came from, stating only that one was a “multinational,” and the other a “large” telecom company.

But this isn’t the first time around the block for Android and such issues. In November of 2016, a backdoor that was preinstalled on literally hundreds of Android devices was found on phones made by the company BLU. Not long after, a different research team revealed a different backdoor on more than three million Android devices made by the same company as well as others.

This report illustrates why it’s always a good idea to scan new Android devices for malware, especially if the device was bought through a low-cost retailer. Look for a scanner with a good reputation – we recommend Lookout, Malwarebytes or Check Point – all great options, and easy to install and use. Another good rule of thumb is to always purchase your devices from a reputable retailer or website.