• Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

Preinstalled Malware Found on 38 Android Devices Delivered to Two Companies

  • Thread starter
  • Admin
  • #1


Admin & Security Team
Feb 19, 2010
Midlands, UK
PC Experience
Very Experienced
The phones came with malware, ransomware, adware installed

Somewhere in the supply chain of some Android phones that reached two companies, there was a weak link which allowed 38 devices to become infected with malware.

According to Check Point Software Technologies, several malware types were found on 38 Android devices that landed on the doorstep of two unidentified companies.
The malicious apps weren't part of the official ROM firmware supplied by phone manufacturers but were added later, somewhere along the supply chain.

Researchers say that in six of the cases, malware was present installed to the ROM using system privileges.
All these devices had to go through a complete install of the firmware in order for the malware to be removed.

While details were not given about the full extent of the attack, it seems that most malicious apps were trying to steal people's information, while also trying to get them to tap on various ads.

"Loki" malware was found on the devices, a malicious program looking to gain system privileges, while ransomware "Slocker" was discovered on others, using the Tor network to hide the identity of the operators.

A wide range of attacked devices

As mentioned, there were 38 devices affected, and while they all operate with Android, they're not the same.
The infected devices list includes Galaxy Note 2, LG G4, Galaxy S7, Galaxy Note 4, Galaxy Note 5, Galaxy Note 8, Galaxy A5, Xiaomi Mi 4i, ZTE x500, Galaxy Note 3, Galaxy Note Edge, Galaxy Tab S2, Galaxy Tab 2, Oppo N3, Asus Zenfone 2, viva X6 plus, Lenovo S90, Oppo R7 plus, Xiaomi Redmi and Lenovo A850.

This isn't the first time such an attack has taken place.
Several times in the past few years, Android phones have been shipped preinstalled with some of these nasty apps trying to gain control over people's phones and data.

Researchers at Check Point refuse to say whether this was a targeted attack on the two companies, but at this point, it doesn't seem unlikely.
It would be interesting to know who supplied the phones to the unnamed companies.

This goes on to reinforce the idea that it may not be a bad idea to run a malware check before you even start using your phone and installing any of the apps you regularly use.

Top Bottom