BEACON TRANSCRIPT – The cyber security company Check Point announced that they had found malware on 38 Android devices that came from two separate corporate companies. This might come as no surprise, but the worrying part is the fact that the malware was pre-installed within the supply chain.
The blog post published by Check Point stated how the malicious apps were already present when the users purchased the devices.
“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
However, Check Point did not reveal who were the clients that produced the phones in question. They refused to give names and said that the companies in question were a large telecommunications company and a multinational technology company.
They published a list with the malicious apps and the devices infected with the malware. The majority of apps were adware and info stealers. However, one of the phones contained ransomware, which is quite worrying if it is used by the wrong hands and reaches companies.
Here are some of the devices infected with malware. They include different brands of Samsung Galaxy (Note 2, 3, 4, 5, 8, and Edge, S4, S7, A5, Tab S2), LG G4, Lenovo S90 and A850, or Nexus 5 and 5X. Check Point assured users that not all models of these devices were infected.
At some point in the supply chain process, these apps were added and the users might not find them problematic, since they knew they did not click any suspicious link. However, they should pay attention to anything that pops up on their screen.
Check Point advise all Android users to install a malware scanner on their phones. Some of the trustworthy options include Kaspersky, Malwarebytes, or Lookout. The security company warns that any information can be accessed if the phone is infected.
A study performed in 2015 found that Android phones were more vulnerable to security issues than iPhones, with 85 percent of them containing at least one critical security flaw. Thus, Check Points advises users to scan their phone and contact the manufacturer if they experience problems with removing the malware app.
Image Source: Max Pixel