36 highly popular Android Devices ships with Malware already installed
“The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out,” Oren Koriat reports for Check Point. “In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.”
“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain,” Koriat reports. “Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
“Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key,” Koriat reports. “The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge.”
More info here.