Are you using an Android smartphone handed to you by your employer? Chances are your phone has been infected with malware before it was delivered to you! At least that is what Check Point researchers found out when they performed a test in two unnamed companies.
More specifically, 38 of the devices meant for the employers were already infected with malware before they were put to use. The smartphones in question were Samsung, ZTE, Oppo, Asus, Lenovo, and Xiaomi. It is not the manufacturers who are at fault, researchers outline. Check Point has released details about the research project in a blog post tiled “Preinstalled Malware Targeting Mobile Users”.
Malware Pre-Installed on Company Devices, Given to Employers
The company’s findings reveal that the malware instances were already installed before they were handed to the employees. However, the malicious apps were not part of the official ROM supplied by the vendors, meaning that they were added later along the supply chain, Check Point explains. Six of the malware pieces were added to the smartphone’s ROM via system privileges, making them susceptible to removal attempts. As for the malware:
Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. Slocker uses Tor for its C&C communications.
However, the most vicious instance was the Loki malware, which is an adnet. It is a complex piece which uses several components each of which has its own functionality and role in carrying out the initial malicious purpose. As you may have guessed, Loki Malware shows malicious ads with the purpose of generating revenue. However, the malware also steals data about the targeted device and installs itself to system. This way it can take full control and remain persistent.
It’s needless to say how alarming this case is to both personal and enterprise security regarding mobile security in general. Pre-installed malware has long been an issue but this particular case puts things into an even worse perspective. Employers could have been subjected to backdoors, in addition to the adnets found pre-installed on the company devices. That is why researchers underline the necessity of advanced security measures on mobile devices.