Pre-installed Malware Found on 36 Android Devices including Samsung, OPPO and Xiaomi

Check Point security researchers recently discovered a severe infection in almost 36 Android devices, on which the malware came pre-installed.

These devices include smartphones and tablets belonging to a large telecommunications company, as well as a multinational technology firm.

The malware was pre-installed on the devices before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain.

It affected many devices from various brands, which include the following:

  • Samsung Galaxy Note2
  • LG G4
  • Samsung Galaxy S7
  • Samsung Galaxy S4
  • Samsung Galaxy Note4
  • Samsung Galaxy Note5
  • Xiaomi Mi 4i
  • Xiaomi Redmi
  • ZTE X500
  • Samsung Galaxy Note3
  • Samsung Galaxy Note Edge
  • Samsung Galaxy Tab S2
  • Samsung Galaxy A5
  • Vivo X6 Plus
  • Asus Zenfone 2
  • Lenovo S90
  • Oppo R7 Plus
  • Oppo N3
  • Lenovo A850

Most of the malware found pre-installed on the devices consisted of info-stealers and rough ad networks, and one sample was Slocker, a mobile ransomware.

Slocker uses the AES encryption algorithm to encrypt all files on the device and demands a ransom in return for the decryption key. Slocker uses Tor for its C&C communications.

Check Point also notes that the most notable malware found on some of these devices was the Loki malware.

It displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself to the system, allowing it to take full control of the device and achieve persistence.

Pre-installed malware raises serious concerns:

It merits mentioning that some users unknowingly download malware onto their devices; pre-installed malware, however, compromises the security of even the most careful users.

In addition, a user who receives a device already containing malware will not be able to notice the change in the device’s activity that often occurs once malware is installed.

The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users can get devices which contain backdoors without their knowledge.

If you want to check whether your device contains any malware, install a security app such as Lookout or Malwarebytes Anti-Malware. These might not be able to remove the malware completely, but they will let you know if any is present.
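
Because the malicious apps were not part of the vendor's official ROM, an organisation receiving devices can also compare each device's system apps against a known-good baseline. The sketch below is an added example, not taken from Check Point's report: it parses the output of `adb shell pm list packages -f -s` and flags system packages missing from the baseline. The package names and sample output are constructed, and the baseline is assumed to come from a device of the same model flashed with the vendor's official firmware.

```python
from typing import NamedTuple


class Pkg(NamedTuple):
    name: str   # Android package name
    path: str   # APK path reported by the package manager


def parse_pm_list(output: str) -> list[Pkg]:
    """Parse `pm list packages -f -s` lines of the form package:<apk path>=<name>."""
    pkgs = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip adb warnings and blank lines
        # Split on the LAST '=': newer Android versions put '=' inside
        # /data/app paths of system apps that have received an update.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            pkgs.append(Pkg(name, path))
    return pkgs


def unexpected_system_apps(device_output: str, baseline: set[str]) -> list[Pkg]:
    """Return system packages on the device that the baseline ROM does not contain."""
    return sorted(p for p in parse_pm_list(device_output) if p.name not in baseline)


# Constructed sample: output captured from a newly received device.
SAMPLE_DEVICE_OUTPUT = """\
package:/system/app/Launcher/Launcher.apk=com.example.vendor.launcher
package:/system/priv-app/Settings/Settings.apk=com.example.vendor.settings
package:/data/app/~~Qx1==/com.example.vendor.browser-Zk2==/base.apk=com.example.vendor.browser
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.constructed.sysupdate
"""

# Constructed baseline: package names listed on a device running the official ROM.
SAMPLE_BASELINE = {
    "com.example.vendor.launcher",
    "com.example.vendor.settings",
    "com.example.vendor.browser",
}

if __name__ == "__main__":
    for pkg in unexpected_system_apps(SAMPLE_DEVICE_OUTPUT, SAMPLE_BASELINE):
        print(f"not in official ROM baseline: {pkg.name} ({pkg.path})")
```

A name-only comparison misses an app that reuses a legitimate package name, so a stricter baseline would also record each APK's hash or signing certificate.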