It is a bit difficult to digest, but yes, you read it correctly: your new phone may come with malware preinstalled.
According to a detailed report by Check Point, nearly 35 smartphones across brands such as Samsung, Asus, Xiaomi, Lenovo, Oppo, Vivo and ZTE came with various kinds of malware.
“The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it,” the company said in a statement.
“The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain,” the report claimed, further adding that “Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
Here is the list of phones that come with malware preinstalled:
Asus: Zenfone 2
Lenovo: A850, S90
Oppo: N3, R7 Plus
Samsung: Galaxy Note 2, Galaxy Note 3, Galaxy Note 4, Note 5, Galaxy Note Edge, Galaxy A5, Galaxy Tab S2, Galaxy S4 and Galaxy S7
Vivo: X6 Plus
Xiaomi: Mi 4i, Redmi (no specific model given; unclear whether all Redmi devices are affected)
“Most of the malware found to be pre-installed on the devices were info-stealers and rogue ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demands ransom in return for their decryption key. Slocker uses Tor for its C&C communications,” the report claims.
It also added that the most notable rogue ad network that targeted the devices is the Loki malware. Loki operates by using several different components; each has its own functionality and role in achieving the malware’s malicious goal.
According to the report, the malware displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself into the system, allowing it to take full control of the device and achieve persistence.
The report is worrisome because preinstalled malware is very difficult for a user to detect: it causes no visible change in the functioning of the device, unlike other malware that enters the operating system when a user clicks on a rogue link.
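The report’s two key points, that some samples were written into the device’s ROM with system privileges and that Loki installs itself into the system partition for persistence, suggest one practical defender’s check: inventory which packages live on the read-only system partitions and compare them against a baseline for that device model. The following script is an added example, not code from the article or from Check Point; it parses the output format of `adb shell pm list packages -f` (which prints `package:<apk path>=<package name>` per line) and flags system-partition packages missing from a baseline. The sample output and the baseline set are constructed for illustration, and the `com.example.*` package names are made up.

```python
from dataclasses import dataclass

# Constructed sample of `adb shell pm list packages -f` output. The com.android.*
# entries are real AOSP package names; the com.example.* entries are made up.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/CloudSync/CloudSync.apk=com.example.cloudsync
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
"""

# Hypothetical baseline of package names expected on the system image for this
# model. In practice it comes from a known-clean unit of the same model and build.
KNOWN_SYSTEM_PACKAGES = {
    "com.android.settings",
    "com.android.bluetooth",
    "com.android.systemui",
}

# Partitions that normal users cannot write to; a package here cannot be
# uninstalled through the Settings UI, which matches the "re-flash required"
# behaviour the report describes.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")


@dataclass(frozen=True)
class InstalledPackage:
    name: str
    apk_path: str

    @property
    def in_system_image(self) -> bool:
        return self.apk_path.startswith(SYSTEM_PREFIXES)


def parse_pm_list(output: str) -> list[InstalledPackage]:
    """Parse `pm list packages -f` lines of the form package:<path>=<name>."""
    pkgs = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("package:"):
            raise ValueError(f"unexpected pm output line: {line!r}")
        body = line[len("package:"):]
        # The package name never contains '=', so split on the last one in
        # case the APK path ever does.
        path, sep, name = body.rpartition("=")
        if not sep or not name or not path:
            raise ValueError(f"malformed pm output line: {line!r}")
        pkgs.append(InstalledPackage(name=name, apk_path=path))
    return pkgs


def unexpected_system_packages(pkgs: list[InstalledPackage],
                               baseline: set[str]) -> list[str]:
    """Names of packages on a system partition that the baseline does not list."""
    return sorted(p.name for p in pkgs
                  if p.in_system_image and p.name not in baseline)


def user_removable_packages(pkgs: list[InstalledPackage]) -> list[str]:
    """Names of packages on writable storage (removable via the normal uninstall flow)."""
    return sorted(p.name for p in pkgs if not p.in_system_image)


if __name__ == "__main__":
    installed = parse_pm_list(SAMPLE_PM_OUTPUT)
    for name in unexpected_system_packages(installed, KNOWN_SYSTEM_PACKAGES):
        print(f"system-partition package not in baseline: {name}")
```

A hit from this check is a starting point, not a verdict: vendors and carriers legitimately add system apps, so the baseline must come from a clean device of the same model and firmware build, and a flagged APK should be pulled and examined before any conclusion is drawn. Running this on real output also requires USB debugging, which itself should only be enabled on a device you control.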
“To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device’s behaviour,” the report suggests.