Jerusalem – Cyber security firm Check Point has published a report revealing that as many as 36 smartphones from major companies around the world were infected with pre-installed malware.
The report says that devices from Samsung, LG, Xiaomi, Oppo and ASUS were infected with different types of malware, and that the malware was not downloaded by users after purchase but was already present when the devices arrived. The report points out that the malware was not included in the ROM supplied by the vendor but was added to the devices by someone, somewhere in the supply chain.
“The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain”, reads a blog post by Check Point.
Experts at Check Point note that six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.
Check Point determined that most of the malware found pre-installed on the devices were info-stealers and rough ad networks. However, ransomware was present as well – Slocker – which is known to encrypt all files on the device and demand a ransom in return for the decryption key. Slocker uses Tor for its C&C communications.
The adnet that targeted the devices is the Loki malware, a complex malware that operates through several different components, each with its own functionality and role in achieving the malware’s malicious goal. The malware displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself to the system, allowing it to take full control of the device and achieve persistence, Check Point notes.
Below is the list of devices and the malware found installed on them:
| Package name | Device | Hash |
|---|---|---|
| com.fone.player1 | Galaxy Note 2 | |
| com.kandian.hdtogoapp | Galaxy Note 4 | |
| | Galaxy Note 8.0 | |
| com.sds.android.ttpod | Galaxy Note 2 | |
| | Xiaomi Mi 4i | |
| | Galaxy Note 3 | |
| | Galaxy Note Edge | |
| | Galaxy Note 4 | |
| com.example.loader | Galaxy Tab S2 | e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff |
| com.armorforandroid.security | Galaxy Tab 2 | 947574e790b1370e2a6b5f4738c8411c63bdca09a7455dd9297215bd161cd591 |
| | vivo X6 plus | |
| com.google.googlesearch | 5 Asus Zenfone 2 | |
| air.fyzb3 | Galaxy Note 4 | c4eac5d13e58fb7d32a123105683a293f70456ffe43bb640a50fde22fe1334a2 |
| com.ddev.downloader.v2 | Galaxy Note 5 | 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f |
| com.mojang.minecraftpe | Galaxy Note Edge | fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429 |
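The report's distinction between apps a user can uninstall and apps written into the ROM can be checked on a device from the output of `adb shell pm list packages -f`. The following is an added example, not code from Check Point or from the original article: it looks for the package names in the list above and records whether each sits on a read-only system partition. The function names and the sample listing are constructed for illustration, and a name match is only a lead to confirm against the file hash where one is listed.

```python
from typing import NamedTuple, Optional

# Package names taken from the list in the article.
REPORTED = {
    "com.fone.player1", "com.kandian.hdtogoapp", "com.sds.android.ttpod",
    "com.example.loader", "com.armorforandroid.security",
    "com.google.googlesearch", "air.fyzb3", "com.ddev.downloader.v2",
    "com.mojang.minecraftpe",
}
# Apps under these read-only partitions cannot be uninstalled by the user;
# removing them means re-flashing, as the report describes.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

class Finding(NamedTuple):
    package: str
    apk_path: str
    in_rom: bool  # True when the APK lives on a system partition

def parse_line(line: str) -> Optional[tuple]:
    """Split one 'package:<apk path>=<package name>' line; None if malformed."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Newer Android paths contain '=' themselves, so split on the last one.
    path, sep, name = line[len("package:"):].rpartition("=")
    return (path, name) if sep and path and name else None

def triage(listing: str) -> list:
    """Return a Finding for every listed package named in the article."""
    findings = []
    for line in listing.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] in REPORTED:
            path, name = parsed
            findings.append(Finding(name, path, path.startswith(SYSTEM_PREFIXES)))
    return findings

# Constructed sample output, not taken from a real device.
SAMPLE = """\
package:/system/priv-app/Loader/Loader.apk=com.example.loader
package:/data/app/~~Zx9Q==/air.fyzb3-Ab1==/base.apk=air.fyzb3
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
WARNING: linker: constructed noise line
package:/data/app/com.ddev.downloader.v2-1/base.apk=com.ddev.downloader.v2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        where = "ROM (re-flash needed)" if f.in_rom else "user-installed"
        print(f"{f.package}: {f.apk_path} [{where}]")
```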