Android Users Beware: Phones Being Shipped with Pre-installed Malware

Media Division | March 22, 2017

Mobile technology has made large advances over the past decade. Previously, cell phones were only able to make calls, and even texting was a gigantic leap forward. Nowadays, we can browse the internet, video chat, use all types of applications, and much more. As with any technology, though, cyber attacks and malicious threats are of great concern for mobile tech. Fortunately, a large majority of cyber threats can be defended against through the use of proper cyber security such as mobile antivirus and security software. But a recent discovery found a multitude of devices actually being shipped with pre-installed malware.

Details of the Discovery

This was discovered by Check Point Mobile Threat Prevention, which detected an infection in 36 Android devices belonging to a large telecommunications company and a multinational technology company. The malware, in the form of malicious apps, was not part of the ROM provided by the vendor and was added at some point along the supply chain. The research team discovered that in six of the instances, the malware was added to the device ROM through the use of system privileges, which meant that it could not be removed by the user and the device would have to be re-flashed.

According to the team, most of the discovered malware were rough ad networks and info stealers. One of them was Loki, which attackers can use to gain device system privileges. They also discovered an instance of Slocker. According to Check Point, “Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. Slocker uses Tor for its C&C communications.”

How to Keep a Mobile Device Protected

Mobile technology has become an increasingly large target for cyber attackers, and this has resulted in the need for consistent vigilance in regard to these devices. There are a few different courses of action that users can take to minimize the risk of Android infections, including:

  • Scan New Phones – While instances of pre-installed malware tend to be quite rare, it cannot hurt to do a full scan of a new phone. This can potentially catch anything that did make its way onto the device.
  • Only Use Google Play – Third-party app stores and downloads can easily contain malware, as they do not go through the rigorous approval process that apps on Google Play do. It is a safe policy to only download apps from the official Google Play store.
  • Avoid Newer or Low Reputation Apps – While Google does employ a thorough approval check before an app makes it to the store, there is always the potential that a malicious one could slip by. It can be good policy to hold off on downloading newer or low reputation apps until they have been available for a bit.  This allows them to be reviewed and used and could expose any malicious content.
  • Consider Android Antivirus – Several reputable security software companies offer anti-virus and anti-malware apps for Android. It can be beneficial to begin using one of these for the purpose of regular scans and additional security.
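
For an organization receiving a batch of phones, one way to look for apps that were not part of the vendor's ROM is to compare each device's system package list against a known-good list. The sketch below is an added example, not Check Point's method or tooling: it parses the output of `adb shell pm list packages -f -s`, and it assumes the baseline was captured from a trusted reference device or vendor image. All package names and paths in it are constructed.

```python
import re

# One line of `adb shell pm list packages -f -s` output: package:<apk path>=<name>
LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")

def parse_pm_list(text):
    """Map package name -> APK path from `pm list packages -f` output."""
    pkgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkgs[m.group("name")] = m.group("path")
    return pkgs

def unexpected_system_packages(device_output, baseline_output):
    """Return (name, path, reason) for system packages the baseline does not explain."""
    device = parse_pm_list(device_output)
    baseline = parse_pm_list(baseline_output)
    findings = []
    for name, path in sorted(device.items()):
        if name not in baseline:
            # Apps under priv-app can hold privileged permissions, so label them separately.
            privileged = path.startswith("/system/priv-app/")
            reason = "privileged, not in baseline" if privileged else "not in baseline"
            findings.append((name, path, reason))
        elif baseline[name] != path:
            findings.append((name, path, "path differs from baseline"))
    return findings

# Constructed sample data (hypothetical package names, not indicators from the report).
BASELINE = """
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/system/app/Launcher/Launcher.apk=com.example.vendor.launcher
"""
DEVICE = BASELINE + """
package:/system/app/AdService/AdService.apk=com.example.adservice
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.sysupdate
"""

if __name__ == "__main__":
    for name, path, reason in unexpected_system_packages(DEVICE, BASELINE):
        print(f"{name}\t{path}\t{reason}")
```

A package flagged here is only a candidate for review; a system app installed outside the baseline may also be a legitimate carrier or enterprise addition.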

The Potential for POS Malware

The ability of malicious actors to slip these types of threats in during the supply process brings a potential scenario to light. If threat actors were able to achieve a similar scenario with Point of Sale (POS) systems such as cash registers or credit card machines, they could easily take advantage of a wide variety of financial information. There are, of course, other methods that hackers have employed to install POS malware remotely as well. Whatever the case may be, devices in this sector must be properly secured by the organization employing them. Massive Alliance offers a wide range of cyber security services that can help to prevent POS malware from infecting an organization’s systems.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.