
Android Phones Caught Selling with Pre-Installed Factory Malware

Discussion in 'General Malware And Security' started by starbuck, Mar 5, 2018.

  1. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Malware injected in firmware of more than 40 models


    More than 40 Android phone models, most of them manufactured by companies in China, ship with pre-installed malware that was injected into the firmware straight from the factory.

    Security company Dr. Web says that it came across a new Trojan called Android.Triada.231 in the firmware of several Android devices back in mid-2017, and after in-depth research, it discovered that over 40 models are likely to be affected.

    Most of the compromised phones are in the low-end category, and they include devices from Leagoo, Doogee, Umi, and Cubot.
    Newer models include the Leagoo M9 launched in December.

    Dr. Web explains that it contacted the affected companies to report the problem, and it discovered that at least in one case, the culprit was a partnership with a software developing company in Shanghai which required Android OEMs to pre-install one of its apps into the image of the mobile operating system.

    Stealing confidential information

    As for how dangerous the malware can be for Android users purchasing these phones, the security firm says it can steal confidential information, like banking data and personal details.

    “These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications,” Dr. Web explains in its analysis.

    In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software.
    The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library.
    They do not distribute the Trojan as a separate program.
    As a result, the malicious application penetrates the device firmware during manufacture.
    Users receive their devices already infected from the box.

    The security company warns that the number of Android phones possibly shipping with the same malware could be bigger, though for the time being, only the models below have been confirmed to be compromised.

    Removing the malware from a phone isn’t possible without installing a clean version of the operating system, in which case the manufacturer is the only one that can help.
    If the device is rooted, security applications can help clean the infection.
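
Added example, not part of the original post or of Dr. Web's analysis: because the Trojan sits inside a system library rather than a separate app, one defensive check is to hash every file in a copy of the device's system partition and compare it with the manufacturer's clean image. The directory names, file contents and the `demo()` helper are constructed assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large libraries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(reference: dict, device: dict) -> dict:
    """Report files that differ from, were added to, or are missing from the reference."""
    common = reference.keys() & device.keys()
    return {
        "modified": sorted(k for k in common if reference[k] != device[k]),
        "added": sorted(device.keys() - reference.keys()),
        "missing": sorted(reference.keys() - device.keys()),
    }

def demo() -> dict:
    """Build two constructed trees: a clean reference and a tampered device copy."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, dev = Path(tmp, "reference"), Path(tmp, "device")
        files = {"lib/libandroid_runtime.so": b"constructed clean bytes",
                 "lib/libc.so": b"constructed libc bytes"}
        for root in (ref, dev):
            for rel, data in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulate a system library that no longer matches the clean image.
        (dev / "lib/libandroid_runtime.so").write_bytes(b"constructed altered bytes")
        (dev / "lib/libextra.so").write_bytes(b"constructed unexpected file")
        return compare(build_manifest(ref), build_manifest(dev))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind}: {path}")
```

A mismatch only shows that a file differs from the reference; the reference itself has to come from an image known to be clean.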

  2. Tony D

    Tony D Super-Moderator Super Moderators

    How in the world do these malware apps get in?

    I never heard of any of those phones.
  3. Seth Anthony

    Seth Anthony Registered Members

    That's because they have .000000000000000000001% of the market.
