(WFLA – North Carolina) – According to the Mobile Threat Prevention department at Check Point Software Technologies Inc., Android users should beware of a set pre-installed malware that can wreak havoc on their lives. Check Point says they recently detected malware in 36 Android devices that came installed with the phone.
According to the findings, the malware was already present on the devices before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, but were added somewhere along the supply chain. Six of the malware infections were added by to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.
Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks. One of them was Slocker, a well known mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. Slocker uses Tor for its C&C communications.
The most notable rough adnet which targeted the devices is the Loki Malware. This complex malware operates by using several different components; each has its own functionality and role in achieving the malware’s malicious goal. The malware displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself to system, allowing it to take full control of the device and achieve persistency.
The risk of pre-installed malware
As a general rule, users should avoid risky websites and download apps only from official and trusted app stores, like the Google Play Store. However, following these guidelines is not enough to ensure their security. Pre-installed malware can compromise the security even of the most vigilant users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed.
The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge. To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device’s behavior.
List of Malware APKs, Shas, and Affected Devices
|com.fone.player1||3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f||Galaxy Note 2|
|com.kandian.hdtogoapp||b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b||Galaxy Note 4|
|Galaxy Note 8.0|
|com.sds.android.ttpod||936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b||Galaxy Note 2|
|Xiaomi Mi 4i|
|Galaxy Note 3|
|Galaxy Note Edge|
|Galaxy Note 4|
|com.example.loader||e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff||Galaxy Tab S2|
|com.armorforandroid.security||947574e790b1370e2a6b5f4738c8411c63bdca09a7455dd9297215bd161cd591||Galaxy Tab 2|
|vivo X6 plus|
|com.google.googlesearch||217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4||5 Asus Zenfone 2|
|air.fyzb3||c4eac5d13e58fb7d32a123105683a293f70456ffe43bb640a50fde22fe1334a2||Galaxy Note 4|
|com.ddev.downloader.v2||92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f||Galaxy Note 5|
|com.mojang.minecraftpe||fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429||Galaxy Note Edge|