
Millions of Android Devices Shipped with Pre-Installed Malware

How Pre-Installed Malware is Hiding in Your Android Phone

Millions of Android phones are shipping with malware pre-installed, according to cybersecurity researchers from Trend Micro. A worrying supply chain attack has been discovered in which millions of Android devices are infected with infostealer malware before they even make it out of the factory. The affected devices are mostly budget smartphones, but the attack has also spilled into smartwatches, smart TVs, and other smart devices.

The Root of the Problem

Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong recently spoke about this issue at a conference in Singapore. They noted that the root of the problem stems from brutal competition among original equipment manufacturers (OEMs). Smartphone makers aren’t making all of the components themselves. Firmware, for example, is being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products. As a result, Yarochkin explained, the products started coming with a little unwanted extra in the form of “silent plugins.”

Trend Micro examined “dozens” of firmware images looking for malicious software and found 80 different plugins. Some plugins were part of a wider “business model,” the researchers said, and were sold on dark web forums and even marketed on mainstream social media platforms and blogs. These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing the traffic, and much more. One of the more serious problems, as The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node.”

The Extent of the Problem

Trend Micro says the data suggests that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers didn’t want to name the perpetrators, but they did mention China a few times, the publication concluded.

As we can see, this is a severe problem affecting a large number of devices. The infostealer malware can compromise the personal information of the users and can cause significant financial and reputational damage.

How Does This Pre-Installed Malware Infect the Device?

To better understand how this malware infects the device, we need to understand the supply chain of the mobile phone industry. The mobile phone supply chain is a complex web of vendors, suppliers, and original equipment manufacturers (OEMs) who all play a crucial role in delivering a finished product to the end-user.

The infostealer malware that is infecting millions of Android devices is being inserted into the firmware of the devices. The firmware is responsible for controlling the device’s hardware and software. It is an essential component of the device that cannot be removed or modified easily.

When the firmware is being developed, third-party firmware suppliers provide a pre-made package that OEMs integrate into the device’s hardware. These packages contain silent plugins that infect the device with malware.

These plugins are challenging to detect, as they operate in the background of the device without the user’s knowledge. They are also difficult to remove, as they are integrated into the firmware of the device. This makes it difficult for users to protect themselves from these types of malware.

How to Protect Yourself from Infostealer Malware?

The best way to protect yourself from infostealer malware is to ensure that you purchase your mobile phone from a trusted vendor. You should also ensure that you keep your device’s software up to date, as this will help protect against known vulnerabilities that could be exploited by malware.

It is also crucial to install antivirus software on your device to protect against malware and regularly scan for potential threats. Being cautious when downloading apps and only downloading from trusted sources can also help reduce the risk of malware infections.

Via: The Register

TechBeams
