Malware is constantly evolving, making it very difficult to defend confidential information from hackers. Smartphones are especially susceptible because attackers are going beyond the typical “hacker methods,” such as malware installed through shady apps and suspicious links.
A cybersecurity company named Check Point discovered that new Android devices had been infected right out of the box. This raises concern about the lack of security on Android devices and highlights the need for malware scanners that can detect malware and notify the user. In a blog post, Check Point reported a “severe infection” on 38 Android-powered devices. That these devices had malware is not in itself very alarming; what stands out is that the malware was not installed through user interaction but came preinstalled on the devices.
This discovery led to an investigation of how the malware was injected in the first place. The official ROM supplied by the vendor shows no sign of containing the malicious software, meaning that the malware was injected somewhere along the supply chain. In addition, on six of the 38 infected devices the malware had been added to the ROM using system privileges, meaning that it is impossible to remove except by re-flashing the device to remove all malicious apps.
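As an added illustration (not code from Check Point or from the original article), one way a defender could look for the condition described above is to compare the packages a new device reports with a baseline taken from the vendor's official ROM, and to separate ROM-resident extras, which need a re-flash, from ordinary user-installed apps. The baseline set, the sample `pm list packages -f` output and all package names are constructed placeholders.

```python
import re

# Partitions that belong to the flashed ROM image (assumed list). Apps stored
# here cannot be uninstalled by the user; removal needs a clean re-flash.
ROM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")
# Greedy path match: newer Android paths contain '=' too, so split on the last one.
LINE_RE = re.compile(r"^package:(?P<path>/.+)=(?P<name>[A-Za-z0-9_.]+)$")

def parse_pm_list(output):
    """Parse `pm list packages -f` output into {package_name: apk_path}."""
    packages = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            packages[m.group("name")] = m.group("path")
    return packages

def audit(pm_output, baseline):
    """Return packages missing from the baseline, grouped by where they live."""
    findings = {"rom_resident": [], "user_installed": []}
    for name, path in sorted(parse_pm_list(pm_output).items()):
        if name in baseline:
            continue
        bucket = "rom_resident" if path.startswith(ROM_PREFIXES) else "user_installed"
        findings[bucket].append((name, path))
    return findings

# Constructed sample data: a baseline from the official ROM and a device listing.
SAMPLE_BASELINE = {"com.android.settings", "com.android.phone"}
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/system/app/Updater/Updater.apk=com.example.placeholder.updater
package:/data/app/~~Qk9P==/com.example.placeholder.game-x1Yz==/base.apk=com.example.placeholder.game
"""

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_PM_OUTPUT, SAMPLE_BASELINE).items():
        for name, path in items:
            print(f"{bucket}: {name} ({path})")
```

Matching on package names alone misses an app that reuses a legitimate name, so a stricter check would also compare APK hashes or signing certificates against the baseline.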
The majority of the malware found on the Android devices ranged from rough advertising networks to information stealers. Two of the common malicious apps that came preinstalled on many of these devices are Slocker and Loki. Slocker is a “mobile ransomware that encrypts all the files on devices using an AES encryption algorithm and then demand for a ransom to give victims the decryption key.” Loki, on the other hand, is a “complex malware that displays illegitimate advertisements on devices for revenue generation.”
The devices that came preinstalled with malware originated from large smartphone companies such as Samsung, Google, Xiaomi, ZTE, Oppo, Vivo, Asus, and Lenovo. Since the infected devices came from different brands, it is safe to assume that the issue of malware is caused by a vulnerability in Android.
The 38 Android devices that came with preinstalled malware came from two distinct companies, which were not named and were simply classified as “a large telecommunications company” and “a multinational technology company.” It is still unknown whether these two specific companies were under attack by hackers or were part of a larger agenda to affect much larger enterprises.
Although these Android devices show unprecedented hacking of confidential information, it is crucial to understand that awareness of cybersecurity has gone up even more, especially after WikiLeaks released hacking tools allegedly used by the CIA, encouraging users to take cybersecurity into their own hands. To reduce the chance of receiving a device with preinstalled malware, consumers are warned to buy products only from verified sellers. For extra precaution, customers should immediately install malware scanners on their devices to ensure that the device did not come with free malware and ransomware.