At least 38 smartphone models from popular manufacturers such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by unknown companies, have been found pre-loaded with two malware programs.
The two malware apps detected on the infected devices are named Loki and SLocker. The malware was not downloaded to the device by the user; it was pre-installed, so users use the device without verifying it.
According to the blog post published Friday by Check Point researchers, these malicious apps were not part of official ROM firmware supplied by the vendor but were installed later somewhere in the supply chain, before the handsets arrived at the two companies from the manufacturer’s factory.
A malicious adnet found in 6 mobile devices, APK com.google.googlesearch:
Loki malware, APK com.androidhelper.sdk:
Most of the malware found pre-installed on the devices consisted of info-stealers and rogue ad networks, and one of them was SLocker. SLocker uses the AES encryption algorithm to encrypt all files on the smartphone and demands a ransom in return for the decryption key. SLocker uses Tor for its C&C communications.
Loki is a complex malware that was also found pre-installed on smartphones. It operates through several modules, each with its own role in achieving the malicious goal. The malware also displays advertisements to generate revenue, and it can take full control of the device by installing itself to the system.
List of Popular Smartphones Infected With Malicious App
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Galaxy Note 8
- Xiaomi Mi 4i
- Galaxy A5
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- Oppo N3
- Vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- Oppo R7 plus
- Xiaomi Redmi
- Lenovo A850
The Risk Of Pre-Installed Malicious Apps.
Pre-installed malicious apps can compromise security even if the user has a mobile security application installed. In addition, a user whose device came with malicious apps pre-installed will not be able to notice any change in the device's activity.
Malicious software can root the victim's device without any prior authorization and take full control over it. It can even download other backdoor files onto the device.
How To Remove Malware And Protect Yourself:
Since the malware is pre-installed, it is hard to remove, but we will provide you with a way to remove the malicious apps.
First, you can root your phone and then uninstall the malicious apps easily.
Many vendors provide one-click root software for smartphones, and it is freely available. You can learn more about it here.
Alternatively, you can flash your device (the hard way). Flashing will reinstall the firmware/ROM completely.
It is also recommended that you approach a certified technician; until then, turn off your phone to stay protected.
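Before rooting or flashing, it is worth confirming whether either package named in this article is present and whether its APK sits on a firmware partition. The following is an added example, not code from the article or from Check Point; it assumes the listing was saved from `adb shell pm list packages -f`, and the sample listing and the paths in it are constructed.

```python
# Package names taken from the article above.
REPORTED = {
    "com.google.googlesearch": "malicious adnet",
    "com.androidhelper.sdk": "Loki malware",
}

# Path prefixes treated here as firmware-resident (assumption: common Android layout).
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/", "/oem/")


def parse_listing(text):
    """Yield (package, apk_path) from lines like 'package:<apk path>=<name>'."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue
        # APK paths may themselves contain '=', so split on the last one.
        path, name = line[len("package:"):].rsplit("=", 1)
        yield name, path


def find_reported(text):
    """Return findings for reported packages, noting where each APK lives."""
    findings = []
    for name, path in parse_listing(text):
        if name in REPORTED:
            findings.append({
                "package": name,
                "label": REPORTED[name],
                "path": path,
                # A factory reset wipes /data only; APKs on firmware partitions
                # persist, so removal needs root or a reflash.
                "in_firmware": path.startswith(FIRMWARE_PREFIXES),
            })
    return findings


# Constructed sample listing (not captured from a real device).
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/GoogleSearch/GoogleSearch.apk=com.google.googlesearch
package:/data/app/~~Qx1==/com.androidhelper.sdk-Zk2==/base.apk=com.androidhelper.sdk
package:/data/app/com.example.notes-1/base.apk=com.example.notes
"""

if __name__ == "__main__":
    for f in find_reported(SAMPLE):
        where = "firmware partition" if f["in_firmware"] else "user-installed"
        print(f"{f['package']} ({f['label']}): {f['path']} [{where}]")
```

A package-name match is only an indicator; the absence of both names does not show that the firmware is clean.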
It is not the first time that malicious apps have been pre-installed on popular smartphones to extract sensitive information from users.
In December last year, low-cost Android phones were found to be shipped with malicious firmware/ROM that extracts information, displays ads on top of the running apps used by the user, and installs unwanted APKs on the victim's smartphone.