According to Check Point Software Technologies, Android devices from companies like Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus and Lenovo already have malware present in them before they reach the customer hands.
Check Point discovers various malwares ranging from info-stealers, ransomware like Slocker and Loki, which shows “illegitimate advertisements” to generate revenue while stealing device information and information stealers. The company says it analyzed 36 Android devices, belonging to a large telecommunications company and a multinational technology company.
Interestingly, Check Point researcher, Oren Koriat, says that none of the malware they detected was not downloaded to the device as a result of the users’ use, instead the devices arrived with malwares present in them. The malicious apps were not part of the official ROM supplied by the vendor and they were added somewhere along the supply chain.
According to Koriat, six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they could not be removed by the user and the device had to be re-flashed.
Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already having malware will not be able to notice any change in the device’s activity, which often occur once a malware is installed.
The malicious package names and devices they were spotted on are listed below. Since they were added after manufacture, vendors are not to blame.
| Malware | Device |
| com.fone.player1 | Galaxy Note 2 LG G4 |
| com.lu.compass | Galaxy S7 Galaxy S4 |
| com.kandian.hdtogoapp | Galaxy Note 4 Galaxy Note 8.0 |
| com.sds.android.ttpod | Galaxy Note 2 Xiaomi Mi 4i |
| com.baycode.mop | Galaxy A5 |
| com.kandian.hdtogoapp | Galaxy S4 |
| com.iflytek.ringdiyclient | ZTE x500 |
| com.android.deketv | Galaxy A5 |
| com.changba | Galaxy S4 Galaxy Note 3 Galaxy S4 Galaxy Note Edge Galaxy Note 4 |
| com.example.loader | Galaxy Tab S2 |
| com.armorforandroid.security | Galaxy Tab 2 |
| com.android.ys.services | Oppo N3 vivo X6 plus |
| com.mobogenie.daemon | Galaxy S4 |
| com.google.googlesearch | 5 Asus Zenfone 2 LenovoS90 |
| com.skymobi.mopoplay.appstore | LenovoS90 |
| com.example.loader | OppoR7 plus |
| com.yongfu.wenjianjiaguanli | Xiaomi Redmi |
| air.fyzb3 | Galaxy Note 4 |
| com.ddev.downloader.v2 | Galaxy Note 5 |
| com.mojang.minecraftpe | Galaxy Note Edge |
| com.androidhelper.sdk | Lenovo A850 |
Security in Android devices is a very serious concerns due to its fragmentation. In last years Android security annual report, Google claimed that the company is taking Android security very seriously and now scans around 400 million devices and 6 billion installed apps each day. Recently, WikiLeaks revealed that CIA is working on tools and obtaining zero-day exploits for iOS and various devices including Android and Windows.
