Researchers from Trend Micro said that millions of Android smartphones have been pre-infected with malware by cyber criminals before they’ve even left the production floor.
Some smartwatches, smart TVs, and other devices are also infected, although Android smartphones make up the majority. But how could these devices be infected right from the factory?
Many companies produce mobile phones by outsourcing the process to an original equipment manufacturer (OEM). It’s an affordable method but is full of risks.
One of those risks is that an OEM can easily be penetrated by a third party (i.e., a firmware provider), which can then infect smartphones with malware before they even leave the factory.
According to Fyodor Yarochkin of Trend Micro, this new malware infiltration method began when the cost of smartphone firmware dropped due to the intense competition between distributors.
So to make money, some firmware suppliers apparently started to include malicious silent features that would steal user information and sell it for profit.
By analyzing telemetry data, the researchers concluded that millions of devices are affected across the world, mostly in Southeast Asia and Eastern Europe. In fact, even the culprit themselves admitted that there are about 8.9 million infected devices.
Trend Micro discovered over 80 plugins from several firmware images, but a lot of them weren’t used extensively.
But those with the most harmful impact were plugins that looked legitimate, had business models developed around them, and were even promoted on sites like Facebook, YouTube, and others.
The malicious plugins turn infected devices into mobile proxies and use them to steal and sell personal data.
Trend Micro said that the malware is present on devices from at least 10 vendors, but there could be up to 40 more.
How can you stay safe from this malware? Researchers suggest going for high-end phones from brands like Samsung and Google, as they “took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market.”
Via: The Register