Android Devices Pre-installed with Malware
Posted by: Timothy Weaver on 03/13/2017 02:05 PM
Do you have an Android device? It may have come preloaded with malware.
Check Point's Mobile Threat Prevention unit has found 21 different devices that came preloaded with an ad server, an info stealer and, most dangerously, a variant of the Loki malware seen in a past campaign. Loki can display illegitimate ads that generate revenue and can siphon data off the device. Slocker ransomware was also found.
The malware was not installed by the official ROM supplier, but was added at some point in the supply chain.
Check Point's Oren Koriat said: “Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed.”
Infected devices include:
• Samsung Galaxy Note 2, 3, 4, 5 and Edge
• Samsung Galaxy S2 and S4
• Samsung Galaxy Tab 2 and S2
• Samsung Galaxy A5
• Lenovo S90 and A850
• Xiaomi Redmi and M4i
• Asus Zenfone 2
• Oppo N3 and R7 plus
• ZTE X500
• LG G4
• Nexus
“The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge. To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device's behavior,” Koriat said.
Source: SCMagazine
