{"id":6954,"date":"2017-03-13T08:30:21","date_gmt":"2017-03-13T16:30:21","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/13\/news-745\/"},"modified":"2017-03-13T08:30:21","modified_gmt":"2017-03-13T16:30:21","slug":"news-745","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/03\/13\/news-745\/","title":{"rendered":"Android devices coming with preinstalled malware"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/12\/android-studio-4-plugins-100697513-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Darlene Storm | Date: Mon, 13 Mar 2017 07:52:00 -0700<\/strong><\/p>\n<p>The phone, given to you by your company, could be targeted at some point and end up with a malware infection, but you wouldn\u2019t expect the malware to be preinstalled \u201csomewhere along the supply chain.\u201d Yet preinstalled malware is precisely what one security vendor found on 38 Android devices.<\/p>\n<p>Check Point Software Technologies did not name the affected companies, saying only that the phones belonged to \u201ca large telecommunications company\u201d and \u201ca multinational technology company.\u201d A good chunk of the infected phones were Samsung models, but phones by Lenovo, LG, Asus, ZTE, Vivo, Oppo and Xiaomi were also preinstalled with malware after leaving the manufacturers but before landing in the hands of the companies\u2019 employees.<\/p>\n<p>Check Point <a href=\"http:\/\/blog.checkpoint.com\/2017\/03\/10\/preinstalled-malware-targeting-mobile-users\/\" target=\"_blank\">explained<\/a> that the malware was \u201calready present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. 
Six of the malware instances were added by a malicious actor to the device\u2019s ROM using system privileges, meaning they couldn\u2019t be removed by the user and the device had to be re-flashed.\u201d<\/p>\n<p>The infected Android devices were tainted with various types of malware, with most being info-stealers and malicious ad networks; Check Point called Loki the most notable malware. One device came preinstalled with the mobile ransomware Slocker, which encrypts all the files on a phone, demands a ransom in exchange for the decryption key, and communicates with its C&amp;C server via Tor.<\/p>\n<p>The malware was not always found in the same app. Check Point included the full list of malware, SHA hashes and affected devices. The list originally included 38 Android devices, but Check Point removed Nexus 5 and Nexus 5X without giving a detailed explanation.<\/p>\n<p>The 36 remaining malware-tainted devices included these models:<\/p>\n<p>Even if users are careful, avoiding risky sites and installing apps only from trusted sources like the Play Store, Check Point said that is not enough to guarantee their security. \u201cPre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device\u2019s activity which often occur once a malware is installed.\u201d<\/p>\n<p>Hopefully you do use a malware scanner on your mobile devices. Keep in mind that not all mobile security apps are created equal.<\/p>\n<p>This last little nugget has nothing to do with Check Point and malware coming preinstalled on Android, but it struck me as funny. 
ESET malware researcher Lukas Stefanko tweeted:<\/p>\n<p dir=\"ltr\" lang=\"en\">This Android Antivirus app detects itself with high risk \ud83d\ude00 <a href=\"https:\/\/t.co\/L4DCtWoWVb\">https:\/\/t.co\/L4DCtWoWVb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/DIY?src=hash\">#DIY<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/antivirus?src=hash\">#antivirus<\/a> <a href=\"https:\/\/t.co\/k4GVil1LJp\">pic.twitter.com\/k4GVil1LJp<\/a><\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3179841\/android\/android-devices-coming-with-preinstalled-malware.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2016\/12\/android-studio-4-plugins-100697513-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Darlene Storm | Date: Mon, 13 Mar 2017 07:52:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The phone, given to you by your company, could be targeted at some point and end up with a malware infection, but you wouldn\u2019t expect the malware to be preinstalled \u201csomewhere along the supply chain.\u201d Yet preinstalled malware is precisely what one security vendor found on 38 Android devices.<\/p>\n<p>Check Point Software Technologies did not name the affected companies, saying only that the phones belonged to \u201ca large telecommunications company\u201d and \u201ca multinational technology company.\u201d A good chunk of the infected phones were Samsung models, but phones by Lenovo, LG, Asus, ZTE, Vivo, Oppo and Xiaomi were also preinstalled with malware after leaving the manufacturers but before landing in the hands of the companies\u2019 employees.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3179841\/android\/android-devices-coming-with-preinstalled-malware.html#jump\">To read this article in full or to leave a comment, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10462,11073,11065,714],"class_list":["post-6954","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-android","tag-malware-vulnerabilities","tag-mobile-wireless","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6954"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6954\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}