Millions of Android phones are shipping with malware already installed

Android devices are leaving the factory compromised, report warns


Cybersecurity researchers from Trend Micro have discovered a worrying supply chain attack in which millions of Android devices are infected with infostealer malware before they even make it out of the factory.

The affected devices are mostly budget smartphones, but the attack also spilled into smartwatches, smart TVs, and other smart devices.

Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong recently spoke about this issue at the conference in Singapore, noting that the root of the problem stems from brutal competition among original equipment manufacturers.

Silent plugins

As it turns out, smartphone makers aren’t making all of the components. Firmware, for example, is being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products.

Hence, Yarochkin explained, the products started coming with a little unwanted extra in the form of “silent plugins”. Trend Micro found “dozens” of firmware images looking for malicious software, and 80 different plugins. Some plugins were part of a wider “business model”, the researchers said, were sold on dark web forums, and even marketed on mainstream social media platforms and blogs.


These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing the traffic, and the list goes on. One of the more serious problems, The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes, and use it as an “exit node”.

Trend Micro says the data suggests that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers didn’t want to name the perpetrators, but they did mention China a few times, the publication concluded.


Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
