An alert had been issued by a software technologies company that specializes in providing Mobile Threat Prevention services. The company claimed that it has detected 38 android devices manufactures/models that are infected with a pre-installed malware. The pre-installed malware is said to have been injected in these android mobiles at some juncture of its supply chain. Researchers have claimed that the affected mobiles had got infected with the malware not as the result of download done by the users. The most surprising fact is that the malware was injected even before the users purchased them.
The findings point out to the fact that, the malware was not injected to the ROM supplied by the vendor. However, there are traces of the malware being loaded to the device ROM using system privileges. The device ROM in general cannot be altered at all unless the malicious actor has system privileges.
The research team involved were able to track when exactly the system applications was updated on the device by the manufacture. However, according to the details provided, it is now known that the malware was installed in the devices after the device was dispatched by the manufactures. The research team was also able to determine when the user purchased the device as well.
The research team shared the list of malwares that it detected in the affected devices. The detection report further highlighted a ransomware called Slocker that was found. It is the only known ransomware that uses file encryption method which involves usage of AES encryption algorithm to encrypt files. Once the files are encrypted the ransomware is programmed to automatically demand for ransom in return for the decryption key. According to F-Secure, Slocker is also used to communicate with its controller through TOR networks.
The presence of another deadly malware called “Loki” was found. The ‘Loki Malware’ is a adnet that takes control of the device and then proceeds towards achieving the malicious goals of the threat actor. One of the common reasons this malware is planted in devices is to display ads and earn revenue from it.
The list of malware detected and the affected devices are mentioned below:
MalwareDevices
com.fone.player1Galaxy Note 2, LG G4
com.lu.compassGalaxy S4, S7
com.kandian.hdtogoappGalaxy Note 4, Note 8
com.sds.android.ttpodGalaxy Note 2, Xiaomi Mi 4i
com.baycode.mopGalaxy A5
com.kandian.hdtogoappGalaxy S4
com.iflytek.ringdiyclientZTE x500
com.android.deketvGalaxy A5
com.changbaGalaxy S4, Galaxy Note 3, Galaxy Note Edge, Galaxy Note 4
com.example.loaderGalaxy Tab 2
com.armorforandroid.securityGalaxy Tab 2
com.android.ys.servicesOppo N3, Vivo X6 Plus
com.mobogenie.daemonGalaxy S4
com.google.googlesearchAsus ZenFone 2, ZenFone 5m LenovoS90
com.skymobi.mopoplay.appstoreLenovo S90
com.example.loaderOppo R7 Plus
com.yongfu.wenjianjiaguanliXiaomi RedMi
air.fyzb3Galaxy Note 4
com.ddev.downloader.v2Galaxy Note 5
com.mojang.minecraftpeGalaxy Note Edge
com.androidhelper.sdkLenovo A850
Employees today prefer accessing office data and emails on the move. To avoid mishaps it's time to take Cybersecurity Awareness Training today.