Millions of Android phones are shipping with malware already installed


Cybersecurity researchers from Trend Micro have discovered a worrying supply chain attack in which millions of Android devices are infected with infostealer malware before they even make it out of the factory.

The affected devices are mostly budget smartphones, but the attack also spilled into smartwatches, smart TVs, and other smart devices.

Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong recently spoke about this issue at the conference in Singapore, noting that the root of the problem stems from brutal competition among original equipment manufacturers.

Silent plugins

As it turns out, smartphone makers aren’t making all of the components. Firmware, for example, is being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products. 

Hence, Yarochkin explained, the products started coming with a little unwanted extra in the form of “silent plugins”. Looking for malicious software, Trend Micro found “dozens” of firmware images and 80 different plugins. Some plugins, the researchers said, were part of a wider “business model”: they were sold on dark web forums and even marketed on mainstream social media platforms and blogs.

These plugins can steal sensitive information from the device, steal SMS messages, take control of social media accounts, use the devices for ad and click fraud, and abuse the traffic; the list goes on. One of the more serious problems, The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node”.

Trend Micro says the data suggests that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers didn’t want to name the perpetrators, but they did mention China a few times, the publication concluded.

Via: The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
