At least 36 high-end smartphone from popular companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo were found to be pre-loaded with malware.
This malware was detected by Check Point in a scan conducted on Android devices. The security company found out two malware families on the infected devices: Loki and SLocker.
According to a post on Friday by them researchers of Check Point, these malicious applications were not part of the official ROM firmware provided by the smartphone manufacturers, but were installed later somewhere along the way from the manufacturing plants to the distribution chain, and before the devices reached the hands of the consumer.
The Loki trojan was first seen in February of 2016. Malicious software strikes the devices in the basic operating system of the Android operating system to acquire root rights. The trojan also includes spyware features, and intercepts the list of applications that are used, browsing history, contacts list, call history, and location data.
On the other hand, SLocker is a mobile ransomware that locks the devices of his victims for ransom and communicates via Tor in order to hide the identity of his creators.
Below is the list of infected smartphones:
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Xiaomi Mi 4i
- Galaxy A5
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- O
- Vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- LenovoS90
- OppoR7 plus
- Xiaomi Redmi
- Lenovo A850
The backdoor offers unrestricted access to the infected systems. The hacker can perform downloads, installations and activation κακόβουλων εφαρμογών στο Android, διαγραφή των δεδομένων του χρήστη, απεγκατάσταση του λογισμικού ασφαλείας και απενεργοποίηση των εφαρμογών του συστήματος, για την κλήση αριθμών τηλεφώνου premium.
The incident highlights the dangers of acquiring devices from unreliable distribution chains, and experts are concerned about security after having reported over 20 incidents where retailers are able to pre-install malicious software on new Android devices.
How to Remove Malware:
Malware applications are installed on the device ROM, using system privileges, and so it is difficult to get rid of them.
To remove the malware from infected systems, you will need to root your device and uninstall the malware, or you will need to reinstall the firmware/ROM via a procedureς που ονομάζεται "Flashing."
Flashing is a complex process, and is especially recommended for novice users to turn off the device and seek help from a certified technician or mobile service provider.
The full list of malicious apps is available in its release Check Point.
