Somewhere along the supply chain, a number of popular Android devices have reportedly been infected with malicious code. This discovery was made by an Israel-based cyber-security firm, Check Point. The infections were not the result of use by consumers; the devices were sold already infected with different malware.
Affected devices include Samsung Galaxy S7, Samsung Galaxy S4, Xiaomi Mi4i, ZTE x500, Oppo N3, Lenovo S90, Xiaomi Redmi, Vivo x6 Plus and many others. According to the blog post on the security firm’s website:
According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain.
On affected devices, most of the installed malware is meant to steal users' information. Some of it was malicious adware, and one sample was identified as Slocker, a nasty mobile ransomware that employs the Advanced Encryption Standard (AES) to encrypt all files on a device and demands a payment before decryption.
The installed malware cannot be removed by users. It’s even more alarming considering that quite a lot of bestselling smartphones are on the list. Unfortunately, there is little a user can do in a situation like this. However, the security firm suggests that users should take advanced security measures capable of identifying and blocking potential malware and unusual behavior on their mobile devices.
Late last year, we reported a similar case affecting some Infinix and BLU devices, where backdoors came pre-installed. Below is a list of affected devices, APKs and SHAs.