Pre-installed Malware on Millions of Android Phones - Google Research Says

Your phone could be one of the millions around the world that is pre-installed with a dangerous malware.

Pre-installed Malware on Millions of Android Phones - Google Research Says

According to Maddie Stone, the previous technical lead of the Android Security team and now a security researcher on Google’s Project Zero, presented her study at the Black Hat cybersecurity conference in Las Vegas.

She said that factory-installed applications, or apps that comes installed with the phone when you buy them, have malware with them and are found on millions of Android phones across the globe.

This is a very high level of threat especially when you have finance apps installed in your phone. Android’s open-source operating system allows people to slip in malware into smartphones unnoticed before they ship out to the world.

Pre-loaded malware is a threat that is often overlooked, as most users who fall victim to malware downloaded the app on their own. Pre-loaded malware is more too difficult to find and remove than downloaded ones.

If malware or security issues can make its way as a preinstalled app, then the damage it can do is greater, and that’s why we need so much reviewing, auditing, and analysis.

Two particular malware campaigns, namely Chamois and Triada, were found hidden in pre-installed apps. The two malware threats infected millions of low-budget Android devices out of the box and hacked online banking and loan accounts, and even distributed some social media account username and passwords.

Smartphones from big-name companies such as Samsung, LG, Google’s Pixel devices, are most likely safe from the pre-installed malware threat.

Google has stated that they are working to help manufacturers screen smartphones for malware. The Google team didn't disclose any details of the brands of phones involved, but more than 200 device manufacturers fell foul of the testing, with malware allowing the devices to be attacked remotely.

Chamois generates various flavors of ad fraud, installs background apps, downloads plugins and can even send premium rate text messages. Chamois alone was found to have come installed on 7.4 million devices. Triada is an older variant of malware, one that also displays ads and installs apps
In the meantime, the usual advice applies around downloading and installing apps from the Play Store. A healthy dose of skepticism does not go amiss when the app is from an unknown source. Not much users can do if those threats come preinstalled, though, and that's why this revelation is so dangerous. For this one we need to rely on manufacturers to do the right thing and follow Google's advice in screening software fully to eradicate such risks.