Tag Archive for: preinstalled

Android Phones Shipping with Pre-Installed Malware – Global Village Space


Trend Micro, a cybersecurity research firm, has discovered a supply chain attack that has infected millions of Android devices with infostealer malware before they even leave the factory. The majority of the affected devices are budget smartphones, but the attack has also spread to smartwatches, smart TVs, and other smart devices. Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong spoke about this issue at a conference in Singapore, noting that the root of the problem lies in the fierce competition among original equipment manufacturers.

The issue stems from the fact that smartphone makers are not building all of the components themselves. For example, firmware is being built by third-party firmware suppliers. However, as the price of mobile phone firmware continued to drop, the providers were unable to charge money for their products. As a result, Yarochkin explained, the products started coming with an unwanted extra in the form of “silent plugins.” Trend Micro examined dozens of firmware images looking for malicious software and found 80 different plugins. Some plugins were part of a wider “business model” that was sold on dark web forums and even marketed on mainstream social media platforms and blogs.

These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing traffic, and more. One of the more serious problems is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node.”

Trend Micro says that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers did not name the perpetrators, but they did mention China a few times.

This supply chain attack is a worrying development in the world of cybersecurity. It highlights the need for companies to be vigilant when it comes to their supply chains and to ensure that all components are thoroughly vetted before they are used in their products. It also underscores the importance of using…


Millions of Android phones come with pre-installed malware, and there’s no easy fix


Why it matters: The Google Play Store is notorious for harboring apps that contain malware, adware, or some flavor of spyware or fleeceware. A little-known fact is that hackers are increasingly turning to pre-installed apps to do their misdeeds, and researchers are once again trying to raise attention to this growing trend. Millions of affordable Android phones come with a large number of pre-installed apps, and hackers only need to subvert one. Solving this problem, however, is a much more difficult task compared to dealing with rogue apps that make it into the Play Store.

Last month, we learned that malware had been discovered in 60 Android apps with over 100 million downloads – another black eye for the mobile operating system that has an estimated three billion active users worldwide. Malicious developers regularly exploit various loopholes in Google’s app vetting process to create apps that steal login credentials or fleeceware that squeeze as much as $400 million per year from users by tricking them into signing up for expensive in-app subscriptions.

However, researchers at Trend Micro are sounding the alarm about the growing trend of Android devices that come with malicious software pre-installed. While you can easily remove an app you’ve downloaded from the Play Store, dealing with malware baked into system apps or device firmware is a much more difficult task.

Android’s open nature allows manufacturers to create a wide range of phone models and target price-conscious consumers with more affordable options, but it also opens the door for hackers to sneak in malicious code before those devices even leave the factory floor. And this risk also applies to other Android devices – everything from smartwatches to tablets, set-top boxes, and smart TVs.

Senior Trend Micro researcher Fyodor Yarochkin says pre-installed malware has become a lot more common in recent years partly because of a race to the bottom among mobile firmware developers. Once it became unprofitable to sell firmware, many of them started offering it for free.

As you’d expect, there’s a catch to this new business model – many of the firmware images analyzed by Trend Micro contained bits…


Malware found preinstalled in push-button phones sold in Russia



Malicious code was identified in the firmware of four low-cost push-button phones sold through Russian internet stores, according to a security researcher.

Push-button phones such as the DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to avoid detection, according to a report published this week by a Russian security researcher named ValdikSS.

Even though the phones didn’t have an internet browser, the devices discreetly notified a remote internet server when they were activated for the first time, according to ValdikSS, who set up a local 2G base station to intercept the phones’ connections.

ValdikSS says he put five ancient phones he acquired online to the test. A fifth phone, the Inoi 101, was also tested, but it was not found to be malicious.


All of the remote servers that received this activity, according to ValdikSS, were located in China, where all of the devices were also made before being re-sold through Russian internet retailers as low-cost substitutes for more popular push-button phone options, such as Nokia’s.

Although the malicious code was discovered in the phone’s firmware, the researcher couldn’t say if it was installed by the manufacturer or by third parties that supplied the firmware or handled the phones during distribution.

Backdoors, mobile phone supply chains, and malware

While audacious, such events are no longer uncommon, and similar cases have been identified on multiple occasions in the last five years.

  • November 2016 – According to reports from Kryptowire and Anubis Networks, two Chinese businesses that made firmware components for major Chinese phone manufacturers discreetly embedded a backdoor-like functionality in their code.
  • December 2016 – Dr.Web discovered malware in the firmware of 26 different Android smartphone models.
  • July 2017 – Dr.Web discovered Triada banking trojan versions buried in the firmware of a number of Android cellphones.
  • March 2018 – The identical Triada malware was discovered in the firmware of 42 different Android smartphone models by Dr.Web.
  • May 2018 –…
