Android Devices Gets Their Malware Somewhere In The Supply Chain

Android Malware
Android Malware

According to Check Point Software Technologies, Android devices from companies like Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus and Lenovo already have malware present in them before they reach the customer hands.

Check Point discovers various malwares ranging from info-stealers, ransomware like Slocker and Loki, which shows “illegitimate advertisements” to generate revenue while stealing device information and information stealers. The company says it analyzed 36 Android devices, belonging to a large telecommunications company and a multinational technology company.

Interestingly, Check Point researcher, Oren Koriat, says that none of the malware they detected was not downloaded to the device as a result of the users’ use, instead the devices arrived with malwares present in them. The malicious apps were not part of the official ROM supplied by the vendor and they were added somewhere along the supply chain.

According to Koriat, six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they could not be removed by the user and the device had to be re-flashed.

Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already having malware will not be able to notice any change in the device’s activity, which often occur once a malware is installed.

The malicious package names and devices they were spotted on are listed below. Since they were added after manufacture, vendors are not to blame.

Malware Device
com.fone.player1 Galaxy Note 2
LG G4 Galaxy S7
Galaxy S4
com.kandian.hdtogoapp Galaxy Note 4
Galaxy Note 8.0 Galaxy Note 2
Xiaomi Mi 4i
com.baycode.mop Galaxy A5
com.kandian.hdtogoapp Galaxy S4
com.iflytek.ringdiyclient ZTE x500 Galaxy A5
com.changba Galaxy S4
Galaxy Note 3
Galaxy S4
Galaxy Note Edge
Galaxy Note 4
com.example.loader Galaxy Tab S2 Galaxy Tab 2 Oppo N3
vivo X6 plus
com.mobogenie.daemon Galaxy S4 5 Asus Zenfone 2
com.skymobi.mopoplay.appstore LenovoS90
com.example.loader OppoR7 plus
com.yongfu.wenjianjiaguanli Xiaomi Redmi
air.fyzb3 Galaxy Note 4
com.ddev.downloader.v2 Galaxy Note 5
com.mojang.minecraftpe Galaxy Note Edge
com.androidhelper.sdk Lenovo A850

Security in Android devices is a very serious concerns due to its fragmentation. In last years Android security annual report, Google claimed that the company is taking Android security very seriously and now scans around 400 million devices and 6 billion installed apps each day. Recently, WikiLeaks revealed that CIA is working on tools and obtaining zero-day exploits for iOS and various devices including Android and Windows.


Edward Ramamoorthy

I work in one of the top 10 tech company in India. In my spare time I write for

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

You may also like...

1 Response

  1. f***k says:

    lit confused, no from Google, no from vendor then who the hell adding the malware??? are you meant sellers???