Malware discovered on Android mobile phones and tablets was installed on the devices in the supply chain, a cyber security firm has claimed.
Check Point’s Mobile Threat Prevention service said it had detected a severe infection on 36 Android devices following testing.
Although it did not identify exactly where the devices came from, it said they were from a large telecommunications company and a multinational technology company.
Check Point said an investigation found that, unusually, the malware was not downloaded to the device inadvertently by the users but rather had arrived with it.
As the malicious apps were proven not to have been officially installed by the vendor, Check Point concluded they must have been added somewhere along the supply chain.
“Six of the malware instances were added by a malicious actor to the device’s ROM [read-only memory] using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed,” said Check Point in a blog post.
Most of the malware programs found to be pre-installed on the devices were so-called “info-stealers”, designed to pass on user information.
Mobile ransomware such as “Slocker”, which encrypts all files on the device and demands a ransom in return for decryption, was also found.
Also discovered was “rough adnet”, malware that displays illegitimate adverts, steals data about the device and installs itself to the system, allowing it to take full control of the device.
“Pre-installed malware compromises the security even of the most careful users,” said Oren Koriat, of the Check Point Mobile Research Team.
“In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity, which often occurs once a malware is installed.”