Trustaira Blog
April 4, 2017        Trustaira Staff

Previously, there were reports of Android devices being infected with malware through apps downloaded from Android stores. It is only getting worse with time. Recently, Android devices from various vendors were found with malware pre-installed somewhere along the supply chain.

Android Malware

Check Point Software Technologies said it found 38 Android handsets infected with adware, information-stealing malware and ransomware, a collection of malicious code as varied as the manufacturers of the devices. Furthermore, these malicious apps were not part of the official ROM firmware supplied by the smartphone manufacturers. Rather, they were installed later, just before the handsets arrived at the awaiting distribution companies from the manufacturer’s factory.

Most likely the devices were tampered with at a retail location and then sold on the market. Fortunately, all 38 devices have been remediated through Check Point’s products, but it is entirely possible that more devices in the wild were similarly infected.

Check Point said it found six devices infected with the Loki Trojan and several others with a mobile ransomware called Slocker.

First seen in February 2016, the Loki Trojan is a malicious ad network. It is injected directly into core Android operating system processes to gain full root privileges. The trojan includes spyware-like features. Furthermore, it can display ads to generate revenue, has mechanisms to maintain persistence, and can intercept communication and exfiltrate data from an Android device.

Pre-installed Android Malware

Slocker, a mobile ransomware, locks victims’ devices for ransom using encryption and uses the Tor network for command and control communication.

The infected smartphones are listed below:

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • Lenovo S90
  • Oppo R7 plus
  • Xiaomi Redmi
  • Lenovo A850

To eradicate the malware from an infected device, you can root the device and uninstall the malicious apps easily. If that does not work, you can completely reinstall the phone firmware/ROM.
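Before choosing between the two remediation options above, it helps to know which installed packages are not part of the official ROM and whether they sit on the system partition. The following is an added example, not code from Check Point or from this post: it parses the output of `adb shell pm list packages -f` and compares it with a baseline of package names; the sample output, the baseline and all package names are constructed for illustration.

```python
# Added example: flag packages on a handset that are absent from the official ROM baseline.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")

# Constructed sample of `adb shell pm list packages -f` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:/system/app/Launcher/Launcher.apk=com.example.launcher
package:/system/priv-app/Settings/Settings.apk=com.example.settings
package:/system/priv-app/SysUpdate/SysUpdate.apk=com.example.sysupdate.helper
package:/data/app/~~Qx1==/com.example.chat-Zk2==/base.apk=com.example.chat
"""

# Hypothetical baseline: package names taken from the vendor's official ROM image.
OFFICIAL_ROM_BASELINE = {"com.example.launcher", "com.example.settings"}


def parse_pm_list(output):
    """Return {package_name: apk_path} from `pm list packages -f` text."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # The APK path itself may contain '=', so split on the last one only.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def audit(output, baseline):
    """List packages missing from the baseline, with where they are installed."""
    findings = []
    for name, path in sorted(parse_pm_list(output).items()):
        if name in baseline:
            continue
        preinstalled = path.startswith(SYSTEM_PREFIXES)
        findings.append({
            "package": name,
            "path": path,
            "location": "system" if preinstalled else "user",
            "action": ("root and uninstall, or reflash the official ROM"
                       if preinstalled else "review; uninstall normally if unwanted"),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PM_OUTPUT, OFFICIAL_ROM_BASELINE):
        print(f"{f['location']:6} {f['package']}  ({f['path']}) -> {f['action']}")
```

A package reported with location `system` that is missing from the baseline matches the pattern described in this post: software added after the official ROM was built.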

Thank you for reading it.