Warning, Android Users: Security Firm Finds 36 Android Devices With Pre-Installed Malware Onboard


Now you might wonder what malware is. Malware is software specifically designed to disrupt, damage, or gain unauthorized access to a computer system and carry out some task without the user's consent; in everyday language it is simply called a computer virus.

As we know, any Android device is liable to be infected by the many types of malware found on the web. Well, here's a new one for us. Security firm Check Point has found 36 Android devices from two specific companies infected with pre-installed malware. However, the malware was not installed by the manufacturer but is suspected of having been slipped in further down the supply chain.

Six of the malware instances were added by a malicious actor to the device’s ROM

Many past reports on Android malware have traced the cause back to users installing apps or downloading files from untrustworthy sites. This particular pre-installed malware was practically undetectable by the users and was already onboard before they received their devices.

Security firm Check Point concludes the malware was planted by someone through the supply chain before the devices were sold. Check Point Mobile Threat Prevention recently detected a severe infection in 36 Android devices belonging to a large telecommunications company and a multinational technology company. While this in itself is not unusual, one detail of the attacks stands out: in all instances, the malware was not downloaded to the device as a result of the user's actions; it arrived with it.

According to the findings, the malware was already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they could not be removed by the user and the device had to be re-flashed.

Below are two examples of the malware installation. The research team was able to determine when the manufacturer finished installing the system applications on the device, when the malware was installed, and when the user first received the device.

∙ A malicious ad network found on 6 mobile devices, APK com.google.googlesearch:

 ∙ Loki malware, APK com.androidhelper.sdk:

Most of the malware found pre-installed on the devices consisted of info-stealers and rogue ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demands a ransom in return for the decryption key. Slocker uses Tor for its C&C communications.

The most notable rogue ad network, which targeted most of the Android devices, is known as the Loki malware. Loki operates using several different components; each has its own functionality and role in achieving the malware's malicious goal. The malware displays illegitimate advertisements to generate revenue. As part of its operation, it steals data about the device and installs itself to the system partition, allowing it to take full control of the device and achieve persistence.

The risk of pre-installed malware:

As a general rule, users should avoid risky websites and download apps only from official and trusted app stores. However, following these guidelines is not enough to ensure their security: pre-installed malware compromises the security of even the most careful users. In addition, users whose devices arrive with malware already installed will not notice any change in the device's behaviour, which is often how an infection becomes apparent after malware is installed.

The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge. To protect themselves from regular and pre-installed malware, users should take security measures capable of identifying and blocking abnormal behaviour caused by malware on their Android devices.

Appendix 1 – list of malware apps and affected devices:

[Malware – com.fone.player1]

[Malware – com.lu.compass]

[Malware – com.kandian.hdtogoapp]

[Malware – com.sds.android.ttpod]

[Malware – com.baycode.mop]

[Malware – com.kandian.hdtogoapp]

[Malware – com.iflytek.ringdiyclient]

[Malware – com.android.deketv]

[Malware – com.changba]

[Malware – com.example.loader]

[Malware – com.armorforandroid.security]

[Malware – com.android.ys.services]

[Malware – com.mobogenie.daemon]

[Malware – com.google.googlesearch]

[Malware – com.skymobi.mopoplay.appstore]

[Malware – com.example.loader]

[Malware – com.yongfu.wenjianjiaguanli]

[Malware – air.fyzb3]

[Malware – com.ddev.downloader.v2]

[Malware – com.mojang.minecraftpe]

[Malware – com.androidhelper.sdk]

The packages listed above are some of the malware that Israel-based cyber security firm Check Point found pre-installed on the infected device models, undetectable to and unknown by their users.
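A practical way to use Appendix 1 is as a triage list: dump the installed packages from a device and check whether any of the listed package names are present, and, if so, whether they sit on a firmware partition (installed with system privileges, so only a re-flash removes them, as the article describes) or under /data/app (user-removable). The script below is an added example, not code from the article or from Check Point. It parses the output of `adb shell pm list packages -f` (the real command; the sample output embedded here is constructed), and the set of partition prefixes it treats as "system" is the author's assumption.

```python
"""Triage installed Android packages against the Appendix 1 indicator list.

Input format is the output of `adb shell pm list packages -f`, one line per app:
    package:<path-to-apk>=<package.name>
"""
import re
import subprocess

# Package names copied from Appendix 1 of the article (Check Point's list).
KNOWN_BAD = {
    "com.fone.player1", "com.lu.compass", "com.kandian.hdtogoapp",
    "com.sds.android.ttpod", "com.baycode.mop", "com.iflytek.ringdiyclient",
    "com.android.deketv", "com.changba", "com.example.loader",
    "com.armorforandroid.security", "com.android.ys.services",
    "com.mobogenie.daemon", "com.google.googlesearch",
    "com.skymobi.mopoplay.appstore", "com.yongfu.wenjianjiaguanli",
    "air.fyzb3", "com.ddev.downloader.v2", "com.mojang.minecraftpe",
    "com.androidhelper.sdk",
}

# Assumption: APKs under these prefixes ship with the firmware. A hit here was
# installed with system privileges and cannot be uninstalled by the user.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

LINE_RE = re.compile(r"^package:(?P<path>.+?)=(?P<name>[\w.]+)$")

# Constructed sample of `pm list packages -f` output (not a real device dump).
SAMPLE_PM_OUTPUT = """\
package:/system/app/GoogleSearch/GoogleSearch.apk=com.google.googlesearch
package:/data/app/com.androidhelper.sdk-1/base.apk=com.androidhelper.sdk
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.example.benign-2/base.apk=com.example.benign
"""


def parse_pm_list(output):
    """Turn `pm list packages -f` text into a list of (package_name, apk_path)."""
    pairs = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not a package: record
            pairs.append((m.group("name"), m.group("path")))
    return pairs


def triage(pairs, known_bad=KNOWN_BAD):
    """Return {package_name: 'system' | 'user'} for every listed indicator found.

    'system' means the APK lives on a firmware partition (re-flash needed);
    'user' means it is under /data and can be uninstalled normally.
    """
    hits = {}
    for name, path in pairs:
        if name in known_bad:
            hits[name] = "system" if path.startswith(SYSTEM_PREFIXES) else "user"
    return hits


def report(hits):
    """Human-readable summary of triage results."""
    if not hits:
        return "No Appendix 1 package names present."
    lines = []
    for name, where in sorted(hits.items()):
        if where == "system":
            lines.append(f"{name}: on a firmware partition; user cannot uninstall, "
                         "re-flash with the vendor's official ROM")
        else:
            lines.append(f"{name}: user-installed location; uninstall and "
                         "investigate how it got there")
    return "\n".join(lines)


def fetch_live_output():
    """Run the real adb command; fall back to the constructed sample if adb is absent."""
    try:
        return subprocess.run(["adb", "shell", "pm", "list", "packages", "-f"],
                              capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_PM_OUTPUT


if __name__ == "__main__":
    print(report(triage(parse_pm_list(fetch_live_output()))))
```

A name match is a lead, not a verdict: com.mojang.minecraftpe, for instance, is also the package name of the legitimate Minecraft Pocket Edition, and the listed copy was a trojanized build. Confirm a hit by comparing the APK's signing certificate with the publisher's known certificate before concluding the device is infected.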

Sources: Google and Check Point Security