Android Devices Gets Their Malware Somewhere In The Supply Chain

Android Malware

According to Check Point Software Technologies, Android devices from companies like Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus and Lenovo already have malware present in them before they reach the customer hands.

Check Point discovers various malwares ranging from info-stealers, ransomware like Slocker and Loki, which shows “illegitimate advertisements” to generate revenue while stealing device information and information stealers. The company says it analyzed 36 Android devices, belonging to a large telecommunications company and a multinational technology company.

Interestingly, Check Point researcher, Oren Koriat, says that none of the malware they detected was not downloaded to the device as a result of the users’ use, instead the devices arrived with malwares present in them. The malicious apps were not part of the official ROM supplied by the vendor and they were added somewhere along the supply chain.

According to Koriat, six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they could not be removed by the user and the device had to be re-flashed.

Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already having malware will not be able to notice any change in the device’s activity, which often occur once a malware is installed.

The malicious package names and devices they were spotted on are listed below. Since they were added after manufacture, vendors are not to blame.

Malware Device
com.fone.player1 Galaxy Note 2
LG G4
com.lu.compass Galaxy S7
Galaxy S4
com.kandian.hdtogoapp Galaxy Note 4
Galaxy Note 8.0
com.sds.android.ttpod Galaxy Note 2
Xiaomi Mi 4i
com.baycode.mop Galaxy A5
com.kandian.hdtogoapp Galaxy S4
com.iflytek.ringdiyclient ZTE x500
com.android.deketv Galaxy A5
com.changba Galaxy S4
Galaxy Note 3
Galaxy S4
Galaxy Note Edge
Galaxy Note 4
com.example.loader Galaxy Tab S2
com.armorforandroid.security Galaxy Tab 2
com.android.ys.services Oppo N3
vivo X6 plus
com.mobogenie.daemon Galaxy S4
com.google.googlesearch 5 Asus Zenfone 2
LenovoS90
com.skymobi.mopoplay.appstore LenovoS90
com.example.loader OppoR7 plus
com.yongfu.wenjianjiaguanli Xiaomi Redmi
air.fyzb3 Galaxy Note 4
com.ddev.downloader.v2 Galaxy Note 5
com.mojang.minecraftpe Galaxy Note Edge
com.androidhelper.sdk Lenovo A850

Security in Android devices is a very serious concerns due to its fragmentation. In last years Android security annual report, Google claimed that the company is taking Android security very seriously and now scans around 400 million devices and 6 billion installed apps each day. Recently, WikiLeaks revealed that CIA is working on tools and obtaining zero-day exploits for iOS and various devices including Android and Windows.

Source

Edward Ramamoorthy Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesnโ€™t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Googleโ€™s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading