A software company that specializes in Mobile Threat Prevention services has issued an alert. The company claimed that it has detected 38 Android device manufacturers/models infected with pre-installed malware. The malware is said to have been injected into these Android devices at some point in the supply chain. According to the researchers, the devices were not infected through anything the users downloaded. Most surprisingly, the malware was injected before the users even purchased the devices.

The findings indicate that the malware was not part of the ROM supplied by the vendor. However, there are traces of the malware having been added to the device ROM using system privileges. In general, the device ROM cannot be altered unless the malicious actor has system privileges.

The research team was able to track exactly when the manufacturer updated the system applications on each device. According to the details provided, the malware was installed after the devices were dispatched by the manufacturers. The research team was also able to determine when the user purchased each device.

The research team shared the list of malware it detected on the affected devices. The detection report highlighted a ransomware called Slocker. It is the only known ransomware that uses a file encryption method involving the AES encryption algorithm to encrypt files. Once the files are encrypted, the ransomware automatically demands a ransom in return for the decryption key. According to F-Secure, Slocker also communicates with its controller through the Tor network.

Another deadly malware called “Loki” was also found. Loki is an adnet that takes control of the device and then pursues the malicious goals of the threat actor. One of the common reasons this malware is planted on devices is to display ads and earn revenue from them.

The list of malware detected and the affected devices are mentioned below:


com.fone.player1: Galaxy Note 2, LG G4 S4, S7
com.kandian.hdtogoapp: Galaxy Note 4, Note 8 Note 2, Xiaomi Mi 4i
com.baycode.mop: Galaxy A5
com.kandian.hdtogoapp: Galaxy S4
com.iflytek.ringdiyclient: ZTE x500 A5
com.changba: Galaxy S4, Galaxy Note 3, Galaxy Note Edge, Galaxy Note 4
com.example.loader: Galaxy Tab 2
com.armorforandroid.security: Galaxy Tab 2 N3, Vivo X6 Plus
com.mobogenie.daemon: Galaxy S4 ZenFone 2, ZenFone 5m LenovoS90
com.skymobi.mopoplay.appstore: Lenovo S90
com.example.loader: Oppo R7 Plus
com.yongfu.wenjianjiaguanli: Xiaomi RedMi
air.fyzb3: Galaxy Note 4
com.ddev.downloader.v2: Galaxy Note 5
com.mojang.minecraftpe: Galaxy Note Edge
com.androidhelper.sdk: Lenovo A850
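
An added example, not part of the original report: a Python triage script that checks the output of `adb shell pm list packages -f` against the package names listed above and reports whether each match sits in the system image (the case the report describes) or was installed by the user. The sample output is constructed, and a name match is only a lead for further inspection, since com.mojang.minecraftpe is also the package name of the legitimate Minecraft app and com.example.loader is a generic name.

```python
import re

# Package names taken from the list on this page.
REPORTED = {
    "com.fone.player1", "com.kandian.hdtogoapp", "com.baycode.mop",
    "com.iflytek.ringdiyclient", "com.changba", "com.example.loader",
    "com.armorforandroid.security", "com.mobogenie.daemon",
    "com.skymobi.mopoplay.appstore", "com.yongfu.wenjianjiaguanli",
    "air.fyzb3", "com.ddev.downloader.v2", "com.mojang.minecraftpe",
    "com.androidhelper.sdk",
}

# Partitions an ordinary user cannot modify; an APK here shipped with
# (or was written into) the device image rather than installed later.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

# One line of `pm list packages -f`: package:<apk path>=<package name>.
# The greedy path match splits on the LAST '=', because newer Android
# versions put '=' characters inside the /data/app directory names.
LINE = re.compile(r"^package:(?P<apk>.+)=(?P<pkg>[A-Za-z0-9_.]+)$")


def triage(pm_output):
    """Return one finding per installed package whose name is on the list."""
    findings = []
    for raw in pm_output.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["pkg"] not in REPORTED:
            continue
        in_image = m["apk"].startswith(SYSTEM_PREFIXES)
        findings.append({
            "package": m["pkg"],
            "apk": m["apk"],
            "location": "system image" if in_image else "user-installed",
        })
    return findings


# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:/system/priv-app/Loader/Loader.apk=com.example.loader
package:/data/app/com.mojang.minecraftpe-1/base.apk=com.mojang.minecraftpe
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/data/app/~~Zm9v==/org.example.notes-YmFy==/base.apk=org.example.notes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['package']:28} {f['location']:15} {f['apk']}")
```

A match reported as "system image" cannot be removed by uninstalling the app, which fits the report's point that these packages were added with system privileges.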


Date Published
March 18, 2017