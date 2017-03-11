Photo: Getty

Cyber Security firm Check Point has found malware on 38 Android devices from two separate corporate clients. That wouldn’t be a huge surprise but what they found worthy of note was that the malware was preinstalled “somewhere along the supply chain,” according to a blog post by the company.



From the post:

Advertisement

Advertisement

According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.

Little detail was given about the clients. They are only identified as a “large telecommunications company and a multinational technology company.” The advisory does list which forms of malware were found on which devices. Most of the devices contained info-stealers and adware. But one phone contained ransomware, which in the right hands and targeting the right company could be a very big deal.

These are the malware-infected devices that Check Point has named:

Sponsored

Galaxy Note 2

LG G4

Galaxy S7

Galaxy S4

Galaxy Note 4

Galaxy Note 5

Galaxy Note 8

Xiaomi Mi 4i

Galaxy A5

ZTE x500

Galaxy Note 3

Galaxy Note Edge

Galaxy Tab S2

Galaxy Tab 2

Oppo N3

vivo X6 plus

Nexus 5

Nexus 5X

Asus Zenfone 2

LenovoS90

OppoR7 plus

Xiaomi Redmi

Lenovo A850

To be clear, this does not mean that all models of those phones are infected with the malware that Check Point found. But it does mean at some point in the supply chain process, the malware was added to the phones and the owners might think they’re just fine because they haven’t even added an app or clicked a link from a Nigerian prince yet.

Advertisement

The lesson here is to install a malware scanner on Android devices as soon as they’re out of the box. There are lots of trusted options available like Lookout, Malwarebytes and Kaspersky.

One of the biggest takeaways of the Wikileaks dump of alleged CIA hacking documents is that if the phone itself is compromised, hackers can access any information in any app. While iPhone is understood to be more secure it’s not invulnerable either. But Android is certainly more flawed. A 2015 study found that 85% of Android devices contained at least one critical security vulnerability.

Advertisement

Scan that device and if malware is found that can’t be removed, get in touch with the manufacturer.

[Check Point via Ars Technica]