There are only a scant few things in our digital lives worse than the extraneous apps that come bundled with new Android devices. Carriers and OEMs install the bulk of this bloatware and make it all but impossible to remove the apps from your devices. If you can't remove an app, then perhaps you'll actually use it, or so their thinking goes.
Pre-loaded malware programs were found on at least 36 flagship, high-end smartphones belonging to two unidentified companies, from makers such as Samsung, LG, Lenovo, Asus, Xiaomi and Oppo.
How Was the Problem Diagnosed?
The infected devices were identified after a Check Point malware scan was performed on some test devices. Loki and SLocker are the two malware families detected on the infected devices.
According to a blog post published by Check Point researchers on Friday, this malicious firmware was not part of the manufacturers' official ROM, but was installed later, somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturers' assembly units.
Loki and SLocker
First seen in February 2016, Loki is a Trojan that injects itself right inside the core Android operating system to gain root privileges. It also spies on the device, grabbing the list of running processes, browser history, call history, contact list, location data, etc.
SLocker is mobile ransomware that locks the victim's device for ransom and communicates through Tor in order to hide its operators' identity.
Smartphones that were Reportedly Infected with the Malware
Here’s the list of infected smartphones:
- Galaxy Note 2
- Galaxy Tab S2
- LG G4
- Galaxy S7
- Xiaomi Mi 4i
- Galaxy S4
- Galaxy Note 4
- ZTE x500
- Galaxy Note 3
- Galaxy Tab 2
- Oppo N3
- Galaxy Note 5
- Vivo X6 plus
- Nexus 5
- Nexus 5X
- Galaxy Note Edge
- Asus Zenfone 2
- Galaxy A5
- Oppo R7 plus
- Xiaomi Redmi
- Lenovo A850
What is this Malware Capable of?
In fact, this malware is a backdoor that offers its operator (the hacker) unrestricted access to the infected devices. Its capabilities range from downloading and installing malicious Android apps to deleting user data, disabling system apps, logging calls and more.
How to get rid of this Malware?
Getting rid of this malware is a hard task because the malware programs are installed in the device's ROM.
However, two methods can remove the malware from the infected devices. One is to root the device and uninstall the malicious apps containing the malware. The other is to completely reinstall safe phone firmware by flashing the ROM from the official manufacturer's website.
Our advice is to approach a service technician to reinstall the firmware, since both processes need a bit of technical knowledge, the kind of thing the XDA guys do.
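Before rooting or reflashing, it helps to see which pre-installed apps are not part of the manufacturer's official ROM. The following is an added example, not code from Check Point or from the original article: it compares the output of `adb shell pm list packages -s -f` against a baseline of package names taken from a clean official image. The package names, the baseline and the sample listing are constructed for illustration.

```python
import subprocess

# Partitions that hold pre-installed (ROM) apps; removing from them needs root.
ROM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

def parse_pm_list(output):
    """Parse `pm list packages -s -f` lines of the form
    'package:<apk path>=<package name>' into {package name: apk path}."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # The APK path itself may contain '=', so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            packages[name] = path
    return packages

def unexpected_rom_packages(device_output, baseline_names):
    """Return (name, path) of ROM-resident packages missing from the baseline."""
    found = parse_pm_list(device_output)
    return sorted(
        (name, path) for name, path in found.items()
        if path.startswith(ROM_PREFIXES) and name not in baseline_names
    )

def read_device():
    """Query a USB-connected device; requires adb and USB debugging enabled."""
    return subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-s", "-f"],
        capture_output=True, text=True, check=True,
    ).stdout

# Constructed sample data (hypothetical package names): a baseline from a clean
# official image, and a device listing with one extra app in /system.
BASELINE = {"com.android.settings", "com.android.phone", "com.example.oem.camera"}
SAMPLE_DEVICE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/data/app/~~Qx1==/com.example.oem.camera-1==/base.apk=com.example.oem.camera
package:/system/app/Helper/Helper.apk=com.example.unknown.helper
"""

if __name__ == "__main__":
    for name, path in unexpected_rom_packages(SAMPLE_DEVICE, BASELINE):
        print(f"not in official ROM baseline: {name} ({path})")
```

A name-only comparison misses a tampered APK that keeps a legitimate package name; comparing file hashes against the official image covers that case.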
To What Extent Are Smartphones Vulnerable Today?
In December 2016, malicious firmware on certain low-cost Android smartphones and tablets covertly gathered data, displayed advertisements without user consent and installed unwanted apps on the victims' devices.
In November 2016, researchers discovered a hidden backdoor in the AdUps firmware. Over 700 million devices were affected then. It was the sole reason user data leaked to a Chinese company without users' knowledge.
Furthermore, a flaw in the Ragentek firmware used by some cheap Android device manufacturers allowed attackers to remotely execute malicious code with root privileges. As a result, the hackers could take full control of the devices!