It seems that avoiding the insecure practices of clicking on suspicious links and downloading shady apps is no longer enough to prevent Android smartphones from being attacked by malware and ransomware, as new devices are found to be already infected right out of the box.
The discovery, made by cybersecurity company Check Point, raises fresh concerns about Android security and highlights the importance of malware scanners even on new smartphones.
Check Point Discovers Pre-Installed Malware
According to a blog post published by Check Point, the cybersecurity company discovered a "severe infection" on 38 Android-powered devices. While this is certainly not an unusual incident considering the increasing number of hackers using malware, the alarming detail is that the malware was not downloaded onto the devices. Instead, the devices arrived with the malware pre-installed.
Check Point's findings revealed that the devices already carried the malware before they were received by the users. The malicious software, however, was not part of the official ROM supplied by the vendor, which means that the malware was added to the Android devices somewhere along the supply chain.
In addition, six of the malware instances were added to the ROM of the Android devices using system privileges. This means that users cannot remove the malware themselves; the devices require re-flashing to remove the malicious apps.
Most of the malware discovered on the Android devices consisted of rogue advertising networks and information stealers. One of the malicious apps was Slocker, a mobile ransomware that encrypts all the files on a device using an AES encryption algorithm and then demands a ransom in exchange for the decryption key. The most notable rogue advertising network found among the devices is Loki, a complex malware that displays illegitimate advertisements on devices to generate revenue.
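As an added example (not taken from the Check Point post), the Python sketch below compares the output of `adb shell pm list packages -f` with a baseline of package names and separates additions on system partitions, which need a re-flash, from user-removable ones. The baseline set, the package names and the sample output are constructed, and the partition prefixes are an assumption about where the ROM keeps its apps.

```python
import re

# Each line of `pm list packages -f` reads: package:<apk path>=<package name>
# The APK path can itself contain '=', so the greedy match splits on the last one.
LINE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")

# Assumed read-only ROM partitions; apps here cannot be uninstalled by the user.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/", "/oem/")

# Constructed baseline: package names taken from the vendor's official ROM.
BASELINE = {"com.example.calculator", "com.example.dialer"}

# Constructed sample of what a device might report.
SAMPLE = """\
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/Updater/Updater.apk=com.example.sysupdater
package:/data/app/~~Qx1a==/com.example.notes-Zk9==/base.apk=com.example.notes
package:/system/app/Dialer/Dialer.apk=com.example.dialer
"""


def parse_pm_list(text):
    """Return {package name: apk path} for every well-formed line."""
    packages = {}
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            packages[match.group("name")] = match.group("path")
    return packages


def audit(pm_output, baseline):
    """List (name, path, location) for packages absent from the baseline."""
    findings = []
    for name, path in sorted(parse_pm_list(pm_output).items()):
        if name in baseline:
            continue
        location = "system" if path.startswith(SYSTEM_PREFIXES) else "user"
        findings.append((name, path, location))
    return findings


if __name__ == "__main__":
    for name, path, location in audit(SAMPLE, BASELINE):
        action = "re-flash required" if location == "system" else "user-removable"
        print(f"{name}\t{path}\t{action}")
```

Matching on package names only reveals additions; spotting an altered copy of a baseline app requires comparing the APK's hash with the one in the vendor image.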
The devices that were found to have pre-installed malware include smartphones by Samsung, Google, Xiaomi, ZTE, Oppo, Vivo, Asus, and Lenovo. This does not mean, however, that all units of these models are infected right out of the box.
The Importance Of Malware Scanners
It should be noted that the 38 Android devices that came with pre-installed malware belonged to two separate companies which were not named. They were simply described as "a large telecommunications company" and "a multinational technology company." It is not clear if these two companies were specifically targeted by the people behind the installation of the malware within the supply chain or if the action was part of a bigger campaign on devices being sold into enterprises.
Although the infected smartphones were sold to businesses, this does not mean that personal users are not at risk of receiving Android devices with malware pre-installed. Cybersecurity has been brought into the spotlight once again by WikiLeaks' recent upload of the CIA's alleged hacking tools, with users advised to take cybersecurity into their own hands.
To avoid the risk of buying new Android devices with pre-installed malware, customers should purchase smartphones from verified sellers. In addition, upon receiving their new devices, customers should immediately download a malware scanner to ensure that their smartphones do not come with free malware and ransomware.