Pre-Installed Perils

This is particularly worrying, as even the most cautious user may be bitten by malware they didn’t even install. The moment they press the power button on their device for the first time, there’s malware working in the background. After all, nobody suspects that the brand new phone they’ve just bought came pre-bundled with malware! Even worse, some of the malware found was specifically added to the ROM of the device. This means that if the user attempted a factory reset to get rid of the malware, it would persist through the reset.

Which Phones Got Hit?

As previously stated, thirty-six models in total were hit by this attack. So, which devices were compromised exactly? You can check the full list of devices on Check Point’s announcement of the attack. It lists which malware was found on which device, so if you’re affected, you’ll know exactly what malware to look out for. Some of the more renowned devices on the list include Samsung Galaxy, Galaxy Note, Zenfone, and Lenovo devices.

What Does the Malware Do?

Exactly what malware is installed varies from device to device. Some devices had malware that shows adverts, such as the Loki malware. Other examples gleaned information from the user and sent it to a third-party server. Others acted as Android-specific ransomware. As such, there’s no single symptom that tells you whether a newly-bought phone has been pre-infected with malware or not.

How Did This Happen?

It’s distressing to hear that phones are now shipping with malware installed the moment you buy them! How did this even happen in the first place? How is it that malware is finding its way onto users’ phones before they even go online? According to the report by Check Point, the companies found to be selling malware-infected devices were “a large telecommunications company and a multinational technology company,” which doesn’t say much. However, the report does mention that the malware attacks “… were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain.” This means that the distributors of the phones were the ones adding the malware, not the manufacturers. A Samsung Galaxy phone infected with pre-installed malware wasn’t the fault of Samsung themselves, for instance. This creates a worrying scenario where customers can no longer be certain that their phone has remained untampered with on its way from the factory line to the home.
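One way to look for packages that sit on the read-only partitions (and so survive a factory reset) yet are missing from the vendor's official ROM, as an added example that is not from the original article or from Check Point's report. The listing mimics the output of `adb shell pm list packages -f`; the package names, the baseline file and the helper function names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -f` output (not a real device).
sample_listing() {
cat <<'EOF'
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/Settings/Settings.apk=com.example.settings
package:/system/app/Updater/Updater.apk=com.example.hypothetical.updater
package:/data/app/~~Zm9v==/com.example.game-YmFy==/base.apk=com.example.game
package:/vendor/app/Radio/Radio.apk=com.example.radio
EOF
}

# Constructed baseline: package names present in the vendor's official ROM.
sample_baseline() {
cat <<'EOF'
com.example.calculator
com.example.settings
com.example.radio
EOF
}

# Print "package<TAB>apk path" for each package installed on a read-only
# partition (it survives a factory reset) that the baseline does not list.
# User-installed apps under /data are ignored: a factory reset wipes them.
unexpected_system_packages() {
    listing=$1
    baseline=$2
    awk -v base="$baseline" '
        BEGIN { while ((getline line < base) > 0) known[line] = 1 }
        /^package:/ {
            sub(/^package:/, "")
            sub(/\r$/, "")                 # adb output may carry CR line endings
            i = match($0, /=[^=]*$/)       # split on the LAST "=": paths can contain "="
            path = substr($0, 1, i - 1)
            name = substr($0, i + 1)
            if (path ~ /^\/(system|system_ext|vendor|product|oem)\// && !(name in known))
                printf "%s\t%s\n", name, path
        }' "$listing"
}

# Demo run on the constructed data above.
tmp=$(mktemp -d)
sample_listing > "$tmp/listing.txt"
sample_baseline > "$tmp/baseline.txt"
unexpected_system_packages "$tmp/listing.txt" "$tmp/baseline.txt"
```

A hit is only a lead to investigate, since carriers and resellers also add legitimate packages that the vendor's ROM does not contain.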

How Do I Avoid It?

Now that malware is being spread onto phones before they’re even sold, the tried and trusted anti-malware advice won’t work against this new form of attack. Exercising caution over the apps you download, the websites you visit, and the links you click won’t help you avoid malware that’s been on your system since day one. There are some additional precautions you can take, however, to prevent being bitten by this bug. First, make sure you purchase your devices from trusted resellers. This includes stores that are owned entirely by the people manufacturing the phone that you want, as well as highly respected and trusted network providers for your country. Purchasing a phone from less-reputable sellers runs the risk of having malware pre-installed on it.

Even after you’ve bought the phone, there are still things you can do to stop malware from ruining your experience. Search on the Google Play store for highly-rated virus scanners and run them on your system. You can also check our article on the best antivirus apps for Android and pick one out that you like the look of. More advanced users can flash a new ROM after purchase so that no malware on the device survives whatsoever.

Prepared for the Pre-Installed

While pre-installed malware on Android phones is a worrying premise, it’s not unavoidable. When purchasing devices, make sure to purchase from official or highly-rated resellers. Stay away from potentially shady deals, and avoid being caught out before you even turn on your new phone! Does this nefarious method of distributing malware worry you? Let us know below in the comments section.