Monday March 13, 2017

Preinstalled Android Malware Targeting Mobile Users

Check Point Software Technologies has released a report showing that many popular Android smartphones are being infected with malware and spyware before users take delivery of their new devices. Researchers have determined that the malware is not part of the official vendor images for the devices, but that someone with malicious intent is installing it somewhere in the supply chain, between the point where the official image is flashed onto the device and the point where the user takes delivery.

It is worth noting that Check Point sells mobile security software, and thus has a horse in the race when it comes to getting people to be concerned about mobile malware, so maybe this should be taken with a grain of salt, but either way, I think going forward I'll be adding a "flash phone with fresh ROM image directly from vendor" step to my new phone setup routine. I've done this whenever I've picked up a used phone, but hadn't even thought of doing it on new phones before.

Most of the malware found pre-installed on the devices consisted of info-stealers and rogue ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demands a ransom in return for their decryption key. Slocker uses Tor for its C&C communications.