
  • ExTS Admin
Posted

Malware injected in firmware of more than 40 models

 

https://i.imgur.com/NZAiJUs.jpg

 

More than 40 Android phone models, most of them manufactured by companies in China, ship with pre-installed malware that was injected into the firmware straight from the factory.

 

Security company Dr. Web says that it came across a new Trojan called Android.Triada.231 in the firmware of several Android devices back in mid-2017, and after in-depth research, it discovered that over 40 models are likely to be affected.

 

Most of the compromised phones are in the low-end category, and they include devices from Leagoo, Doogee, Umi, and Cubot.

Newer models include the Leagoo M9 launched in December.

 

Dr. Web explains that it contacted the affected companies to report the problem, and it discovered that at least in one case, the culprit was a partnership with a software developing company in Shanghai which required Android OEMs to pre-install one of its apps into the image of the mobile operating system.

 

Stealing confidential information

 

As for how dangerous the malware can be for Android users purchasing these phones, the security firm says it can steal confidential information, like banking data and personal details.

 

“These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications,” Dr. Web explains in its analysis.

“In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software. The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box.”

 

The security company warns that the number of Android phones possibly shipping with the same malware could be bigger, though for the time being, only the models below have been confirmed to be compromised.

 

Removing the malware from a phone isn’t possible without installing a clean version of the operating system, in which case the manufacturer is the only one that can help.

If the device is rooted, security applications can help clean the infection.

 

  • Leagoo M5
  • Leagoo M5 Plus
  • Leagoo M5 Edge
  • Leagoo M8
  • Leagoo M8 Pro
  • Leagoo Z5C
  • Leagoo T1 Plus
  • Leagoo Z3C
  • Leagoo Z1C
  • Leagoo M9
  • ARK Benefit M8
  • Zopo Speed 7 Plus
  • UHANS A101
  • Doogee X5 Max
  • Doogee X5 Max Pro
  • Doogee Shoot 1
  • Doogee Shoot 2
  • Tecno W2
  • Homtom HT16
  • Umi London
  • Kiano Elegance 5.1
  • iLife Fivo Lite
  • Mito A39
  • Vertex Impress InTouch 4G
  • Vertex Impress Genius
  • myPhone Hammer Energy
  • Advan S5E NXT
  • Advan S4Z
  • Advan i5E
  • STF AERIAL PLUS
  • STF JOY PRO
  • Tesla SP6.2
  • Cubot Rainbow
  • EXTREME 7
  • Haier T51
  • Cherry Mobile Flare S5
  • Cherry Mobile Flare J2S
  • Cherry Mobile Flare P1
  • NOA H6
  • Pelitt T1 PLUS
  • Prestigio Grace M5 LTE
  • BQ 5510

 

Source: Android Phones Caught Selling with Pre-Installed Factory Malware

Member of:

UNITE


  • ExTS Admin
Posted
This is crazy. Manufacturers better tighten up quality control.

Need computer support? Then why not join Free PC Help. Register here

We are members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted
I don't recognise any of the names on the list, they must be all cheap crappy phones!

[Windows 7, Windows 8.1, Ubuntu MATE, Linux Mint, Chromebook]

 

[several Raspberry Pi running various versions of Raspbian]

Posted
...they must be all cheap crappy phones!

Yep - but it is people who buy these low end phones who can ill-afford to have their bank / credit card etc hacked :(


There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted
No one can afford to have their bank/credit card hacked!


Posted (edited)
No one can afford to have their bank/credit card hacked!

True - nobody wants their account hacked but there are still those who have their life savings in just one account. :)

Edited by KenB
