A severe infection has been found in almost 38 Android devices belonging to a large telecommunications company and a multinational technology company, according to a blog post by Check Point Software Technologies, a multinational software provider.
In every case, it is evident that the malware arrived with the device itself and was not downloaded as a result of the customer's use.
According to the findings, the malware was already present on the devices before they reached the users. However, the malware was not part of the official ROM supplied by the vendor; it was injected somewhere along the supply chain.
The report says that in six cases a malicious actor used system privileges to add the malware, making it impossible for the user to remove. In those cases it can only be eliminated by re-flashing the device.
“Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks, and one of them was Slocker, a mobile ransomware,” the Check Point report states.
“Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. Slocker uses Tor for its C&C communications.”
The Loki malware was the most notable rough adnet that targeted the devices. This intricate malware operates through several different components, each with its own functionality and role in achieving the malware's malicious goal.
The malware also displays illegitimate advertisements to generate revenue. As part of its operation, it steals the device's data and installs itself to the system, which gives it full control of the device and lets it achieve persistence.
Check Point Cyber Analyst Oren Koriat, in a blog post, noted that the most insidious aspect of pre-installed malware is that it can compromise the security of even the most careful users.
“The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge,” he said.
“To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device’s behavior.”
The devices that were infected included:
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Galaxy Note 8
- Xiaomi Mi 4i
- Galaxy A5
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- Oppo N3
- vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- Lenovo S90
- Oppo R7 plus
- Xiaomi Redmi
- Lenovo A850
Check Point did not disclose the names of the two affected businesses.
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.