Malware infecting Androids somewhere in the supply chain

Handsets leave the factory clean, then get dragged through the mud before they reach you

Smartphones from Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus and Lenovo have been spotted sporting malware they apparently carried when they were shipped.

The malware discovered by Check Point Software Technologies included info-stealers, ransomware like Slocker; Loki, which shows “illegitimate advertisements” to generate revenue while stealing device information; and information stealers.

Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.

Koriat's post doesn't identify the victims beyond saying two companies owned the devices: one large telecommunications company, and one international IT company.

The malicious package names and devices they were spotted on are listed below. Since they were added after manufacture, vendors aren't to blame.

Malware Device
com.fone.player1 Galaxy Note 2, LG G4
com.lu.compass Galaxy S4, S7
com.kandian.hdtogoapp Galaxy Note 4, Note 8
com.sds.android.ttpod Galaxy Note 2, Xiaomi Mi 4i
com.baycode.mop Galaxy A5
com.kandian.hdtogoapp Galaxy S4
com.iflytek.ringdiyclient ZTE x500
com.android.deketv Galaxy A5
com.changba Galaxy S4, Galaxy Note 3, Galaxy Note Edge, Galaxy Note 4
com.example.loader Galaxy Tab 2
com.armorforandroid.security Galaxy Tab 2
com.android.ys.services Oppo N3, Vivo X6 Plus
com.mobogenie.daemon Galaxy S4
com.google.googlesearch Asus ZenFone 2, ZenFone 5m LenovoS90
com.skymobi.mopoplay.appstore Lenovo S90
com.example.loader Oppo R7 Plus
com.yongfu.wenjianjiaguanli Xiaomi RedMi
air.fyzb3 Galaxy Note 4
com.ddev.downloader.v2 Galaxy Note 5
com.mojang.minecraftpe Galaxy Note Edge
com.androidhelper.sdk Lenovo A850

“Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed”, Koriat writes. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017