Previously, there were reports of Android devices being infected with malware through apps downloaded from Android stores. It is only getting worse with time. Recently, Android devices from various vendors were found with pre-installed malware, loaded onto them somewhere along the supply chain.
Check Point Software Technologies said it found 38 Android handsets infected with adware, information-stealing malware and ransomware, a collection of malicious code as varied as the manufacturers of the affected devices. Furthermore, these malicious apps were not part of the official ROM firmware supplied by the smartphone manufacturers. Rather, they were installed later, just before the handsets arrived at the distribution companies from the manufacturer's factory.
Most likely the devices were tampered with at a retail location and then sold to the market. Fortunately, all 38 devices have been remediated through Check Point's products, but it is entirely possible that more devices in the wild were similarly infected.
Check Point said it found six devices infected with the Loki Trojan and several others with a mobile ransomware called Slocker.
First seen in February 2016, the Loki Trojan is a malicious ad network. It is injected into core Android operating system processes on the device to gain root privileges. The trojan includes spyware-like features. Furthermore, it can display ads to generate revenue, has mechanisms to maintain persistence, and can intercept communication and exfiltrate data from an Android device.
Slocker, a mobile ransomware, locks victims' devices for ransom using encryption and uses the Tor network for command-and-control communication.
List of infected smartphones mentioned below
To eradicate the malware from an infected device, you can root the device and uninstall the malicious apps easily. If that does not work, you can completely reinstall the phone's firmware/ROM.
Thank you for reading it.