After the scandal of the Bluetooth phones infected by a spyware, Humming Whale malware that had found its way into several dozen apps on the Play Store, here is a new case that comes to shake the world of security under Android.
Indeed, experts at Checkpoint Technology Software have identified that some Android phones come with a malware pre-installed before the sale.
This is not the first, and certainly not the last time that security researchers are alarmed about a case of malicious software under Android, but this time, the method to worry.
Researchers at CkeckPoint Software Technologies, who originally discovered humming whale, have just published a blog post explaining that some Android phones of different brands were infested with one or more malware before they even reached the hands of Consumers.
According to the experts, the malware would not be installed by the manufacturers or by NSA agents who intercept equipment, but by intermediaries in the marketing channel.
The responsible companies are not named, as Checkpoint merely states that one is “a large telecommunications company” and the other a “multinational technology company”.
From adware to ransomware
This malware is installed directly on the ROM with system privileges, meaning that only a complete reinstallation from a healthy system image can fix the problem. Unfortunately, not all manufacturers offer this option.
The nature of the software varies; Some mobile phones are infected with adware used for inappropriate advertising, others steal user information, and researchers even discovered a ransomware called Slacker, which encrypted the mobile data and demanded a ransom to Access to the user. The identity of the pirates is masked by TOR.
Checkpoint Technology has identified 36 affected mobiles from various manufacturers. Xiaomi Mi 4i, Oppo N3, Vivo X6, but also Samsung or LG phones such as the Galaxy Note 2, Note 7 or LG G4. In short a wide range of devices.
It is not known if the practice affects mobiles sold in Europe. Scanning your phone with Lookout, MalwareBytes or Checkpoint Software Technologies application is not a bad idea.