
Severe malware infection discovered in 38 Android device models

The malware came pre-installed on various Android devices, including some Samsung phones
What makes this infection noteworthy is not that it exists, but the circumstances surrounding it. The malware was found to come pre-installed on the devices, meaning there was no way for users to avoid it.

Check Point's Mobile Threat Prevention research team revealed troubling information regarding their latest mobile malware findings in a blog post today. The team detected a "severe infection" targeting 38 Android device models belonging to an unnamed "large telecommunications company and a multinational technology company." The most surprising detail about the findings is that the malware wasn't found inside a deceptive Play Store listing or email link as is usually the case, but came pre-installed on the devices themselves.

The Check Point team isn't placing the blame on the device vendor; rather, they determined that the malware was added to the devices' ROM "somewhere along the supply chain" by a "malicious actor." In some instances the malware was impossible to remove, forcing users to re-flash their device's ROM. Among the pre-installed malware is Loki, which displays illegitimate ads, steals device data, and installs itself to the system, achieving full control over the device and making it near-impossible to remove. Bad as that piece of malware may be, potentially the most frustrating malware the team found was Slocker, a mobile ransomware. As with other ransomware, Slocker can encrypt all of a device's files, after which a ransom can be demanded in exchange for the decryption key.

At the end of their blog post, the Check Point research team posted a list of the affected devices and the infected APK files. Many older but still relatively common devices are included in that list, including the LG G4, Samsung Galaxy Note 4, and Galaxy Tab S2. Check Point's only advice at this time is for users to "implement advanced security measures capable of identifying and blocking" these types of infections.

John Garcia, 2017-03-10 (Update: 2017-03-11)