In 2016, a group of notorious hackers infected more than 10 million Android phones and tablets with the HummingBad malware system. Researchers from security firm Check Point Software Technologies claimed the malware installed more than 50,000 fraudulent apps each day, displayed more than 20 million malicious advertisements, and generated more than $300,000 per month in revenue.
That was last year, and the culprits were hackers with malicious intent.
In March 2017, Check Point Software Technologies performed a malware scan and detected a severe infection in 36 Android high-end Smartphones and Tablets manufactured by a number of famous brands including Samsung, LG, Asus, and Lenovo.
Distributed by two unidentified firms, a telecommunications company and a multinational technology company, these Android devices were found pre-installed with malware programs. Check Point mobile threat researcher Daniel Padon told Ars:
“This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it. This should be a concern for all mobile users.”
According to Check Point, the malicious apps were not part of the official ROM supplied by the vendor; they were added during the supply chain and manufacturing process. Check Point’s security experts wrote in a blog post:
“Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.
“Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. Slocker uses Tor for its C&C communications.
“The most notable rough adnet which targeted the devices is the Loki Malware. The malware displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself to system, allowing it to take full control of the device and achieve persistency.”
A few of the infected Android devices that put your safety at risk are:
- Samsung Galaxy Note 2
- Samsung Galaxy S7
- Samsung Galaxy S4
- Samsung Galaxy Note 4
- Samsung Galaxy Note 5
- Samsung Galaxy Note 8.0
- Samsung Galaxy Note 3
- Samsung Galaxy Note Edge
- Samsung Galaxy Tab S2
- Samsung Galaxy Tab 2
- Samsung Galaxy A4
- Samsung Galaxy A7
- Oppo N3
- Oppo R7 plus
- Vivo X6 plus
- Asus Zenfone 2
- Xiaomi Redmi
- Xiaomi Mi 4i
- Lenovo A850
- Lenovo S90
Though Check Point confirmed that none of the manufactures mentioned in its analysis they were installing malware, Samsung and Lenovo are reviewing the findings. A Xiaomi spokesperson told the INQUIRER:
“In a report concerning preinstalled malware on Smartphones, Check Point stated that the ‘malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain’. We can confirm that the malware listed do not come with any official ROM on Xiaomi Smartphones. Xiaomi takes security very seriously and strongly recommends users go through official channels when buying our Smartphones to ensure they receive the official version of MIUI.”
If your Smartphone/ Tablet is on the list of infected devices, you would either need to root your device and uninstall the malware apps or you would need to completely reinstall the Smartphone/ Tablet firmware/ROM via flashing. To be on the safer side, download and run highly regarded malware scanners as soon as you first fire up your new Smartphone/ Tablet.
This article (ICYMI: Famous Brands’ High-End Android Smartphones Found Hiding Pre-Installed Malware) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.
Supporting Anonymous’ Independent & Investigative News is important to us. Please, follow us on Twitter: Follow @AnonymousNewsHQ
