Despite being based on the very secure Linux kernel, Android isn’t necessarily a very secure operating system. Unlike iOS which does a great job of shielding its users from installing apps from outside Apple’s own App Store, it is far too easy to do so on Google’s mobile OS. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system.
For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones — from manufacturers such as Samsung, LG, and even Google’s own Nexus line — are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware!
“The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it,” says Oren Koriat, Check Point Mobile Research Team.
Koriat further says, “According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
Check Point shares the following make and models of Android devices, plus the associated infected APK.
|Asus Zenfone 2||com.google.googlesearch|
|Google Nexus 5||com.changba|
|Google Nexus 5||com.mobogenie.daemon|
|Google Nexus 5X||com.changba|
|Samsung Galaxy A5||com.baycode.mop|
|Samsung Galaxy A5||com.android.deketv|
|Samsung Galaxy Note 2||com.fone.player0|
|Samsung Galaxy Note 2||com.sds.android.ttpod|
|Samsung Galaxy Note 3||com.changba|
|Samsung Galaxy Note 4||com.kandian.hdtogoapp|
|Samsung Galaxy Note 4||com.changba|
|Samsung Galaxy Note 4||air.fyzb3|
|Samsung Galaxy Note 5||com.ddev.downloader.v2|
|Samsung Galaxy Note 8||com.kandian.hdtogoapp|
|Samsung Galaxy Note Edge||com.changba|
|Samsung Galaxy Note Edge||com.mojang.minecraftpe|
|Samsung Galaxy S4||com.lu.compass|
|Samsung Galaxy S4||com.kandian.hdtogoapp|
|Samsung Galaxy S4||com.changba|
|Samsung Galaxy S4||com.changba|
|Samsung Galaxy S4||com.mobogenie.daemon|
|Samsung Galaxy S7||com.lu.compass|
|Samsung Galaxy Tab 2||com.armorforandroid.security|
|Samsung Galaxy Tab S2||com.example.loader|
|vivo X6 plus||com.android.ys.services|
|Xiaomi Mi 4i||com.sds.android.ttpod|
It is important to note that the phones are not coming from the manufacturers with the malware installed. Instead, third-party retailers (or their suppliers) are pre-loading malware on the devices, which are sold to unsuspecting consumers. In other words, if you purchased your phone new from a trusted retailer like Best Buy, for example, then you should be fine. If you bought a phone from, say, eBay or Craigslist, you could be infected — but it is not a guarantee.
To make matters worse, the malware cannot be easily removed — an app cannot do it, sadly. Check Point found that the phones must be re-flashed entirely, with a clean version of the OS. This is likely beyond the capabilities of the average consumer.