Security researchers have discovered pre-installed malware from two unidentified companies on 38 popular Android smartphones.
The malware, which is described as a ‘severe infection’, comes from a “multinational technology company” and a “large telecommunications company”, researchers from Check Point’s Mobile Threat Prevention team said in a blog post.
What makes the discovery particularly alarming is that the malware was not downloaded onto the device by the user but instead came pre-installed.
Check Point said the apps were not part of the official ROM issued by the phone manufacturers but were added later at some point in the supply chain.
In six instances, the malware was added to the devices using ROM system privileges, meaning it could not be removed by the user and could only be removed by completely reinstalling the device’s firmware.
Check Point said that most of the malware was used to steal user information or to display ads on the infected devices in a bid to generate fraudulent ad revenue.
Among the malware discovered was a strain known as Slocker, which is a form of ransomware capable of locking all the files on an infected device before demanding a ransom from the user to unlock the files.
Another form of dangerous malware known as Loki was also discovered, which shows illegitimate ads in order to generate ad revenue and can also siphon user data from the infected device.
“Pre-installed malware compromise the security even of the most careful users,” researchers said.
“In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed.”
“As a general rule, users should avoid risky websites and download apps only from official and trusted app stores,” they added.
“However, following these guidelines is not enough to ensure their security.
“Users could receive devices which contain backdoors or are rooted without their knowledge.”
A full list of infected devices reveals that some of the most popular Android smartphones and tablets were found to be carrying the two strains of malware:
Asus Zenfone 2 (5 devices)
Lenovo S90 (2 devices)
Nexus 5 (2 devices)
Samsung Galaxy A5 (2 devices)
Samsung Galaxy Note 2 (2 devices)
Samsung Galaxy Note 3
Samsung Galaxy Note 4 (3 devices)
Samsung Galaxy Note 5
Samsung Galaxy Note 8.0
Samsung Galaxy Note Edge
Samsung Galaxy S4 (5 devices)
Samsung Galaxy S7
Samsung Galaxy Tab 2 (2 devices)
Samsung Galaxy Tab S2
Xiaomi Mi 4i
vivo X6 plus
Check Point added that it is not clear if the malware was added in a bid to try and hack the unnamed companies or if it was part of a wider crime targeting more companies and devices, the full details of which are yet to be discovered.
Check Point also said that it doesn’t know where the infected phones were obtained, suggesting it does not know if the malware is specific to a particular region.
This latest news underlines why it is never a bad idea to scan even a brand new Android device with an anti-virus app.
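Because the apps were not part of the official ROM and some were installed with system privileges, one practical check is to compare a device's package list with the manifest of the official ROM. The following is an added example, not code from Check Point or from this article; it assumes the listing was captured with `adb shell pm list packages -f`, and the baseline, partition prefixes and package names are constructed for illustration.

```python
# Added example: diff a device's package list against the official ROM's manifest.
# Input is the output of `adb shell pm list packages -f`, one
# "package:<apk path>=<package name>" entry per line.

# Assumption: partitions treated as firmware-resident (not removable by the user).
READ_ONLY_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # APK paths under /data/app can themselves contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages

def audit(device_listing, baseline_names):
    """Split packages absent from the baseline into (firmware_resident, user_removable)."""
    firmware, removable = [], []
    for name, path in sorted(parse_pm_list(device_listing).items()):
        if name in baseline_names:
            continue
        bucket = firmware if path.startswith(READ_ONLY_PREFIXES) else removable
        bucket.append((name, path))
    return firmware, removable

# Constructed sample data; the package names below are hypothetical.
BASELINE = {"com.android.settings", "com.android.phone"}
DEVICE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/system/priv-app/Updater/Updater.apk=com.example.sysupdate
package:/data/app/~~Zm9v==/com.example.flashlight-YmFy==/base.apk=com.example.flashlight
"""

if __name__ == "__main__":
    firmware, removable = audit(DEVICE_LISTING, BASELINE)
    for name, path in firmware:
        print(f"NOT IN OFFICIAL ROM, firmware-resident (needs reflash): {name} {path}")
    for name, path in removable:
        print(f"not in official ROM, user-removable: {name} {path}")
```

The comparison is by package name only, so it will not catch a tampered app that reuses a legitimate name; comparing APK hashes or signing certificates against the official ROM is the stronger check.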