Android Phones Shipping with Pre-Installed Malware – Global Village Space
Trend Micro, a cybersecurity research firm, has discovered a supply chain attack that has infected millions of Android devices with infostealer malware before they even leave the factory. The majority of the affected devices are budget smartphones, but the attack has also spread to smartwatches, smart TVs, and other smart devices. Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong spoke about this issue at a conference in Singapore, noting that the root of the problem lies in the fierce competition among original equipment manufacturers.
The issue stems from the fact that smartphone makers do not build all of the components themselves. Firmware, for example, is built by third-party firmware suppliers. However, as the price of mobile phone firmware continued to drop, the providers were unable to charge money for their products. As a result, Yarochkin explained, the products started coming with an unwanted extra in the form of “silent plugins.” While looking for malicious software, Trend Micro found dozens of firmware images and 80 different plugins. Some plugins were part of a wider “business model” that was sold on dark web forums and even marketed on mainstream social media platforms and blogs.
These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing traffic, and more. One of the more serious problems is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node.”
Trend Micro says that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers did not name the perpetrators, but they did mention China a few times.
This supply chain attack is a worrying development in the world of cybersecurity. It highlights the need for companies to be vigilant when it comes to their supply chains and to ensure that all components are thoroughly vetted before they are used in their products. It also underscores the importance of using…