New Android Smartphones Malware Infected: Is Your Smartphone at Risk and how to Avoid it?

By Anne Martinez / 1489484595
(Photo : Wikimedia Commons) Avoiding the insecure practice of downloading suspicious apps and clicking on shady links is not enough to prevent an Android smartphone from being attacked by ransomware or malware because even new devices are already found to be infected out of the box.

Avoiding the insecure practice of downloading suspicious apps and clicking on shady links is not enough to prevent an Android smartphone from being attacked by ransomware or malware because even new devices are already found to be infected out of the box.

Cybersecurity company Check Point made this discovery and raised new concerns on Android security. It also highlighted the importance of malware scanners on new and old smartphones alike.

According to Check Point, it has discovered 38 new Android devices with a "severe infection." It is not a surprise because the number of hackers using malware has increased but it is alarming because the malware was not downloaded and instead, came pre-installed.

The findings revealed that the phones had the malware even before the users received it. The malicious software was not in the official ROM so it may have been injected within the supply chain. The malware cannot be removed by the users as the devices need re-flashing to remove the malicious apps.

Most of the malware were information stealers and rough advertising networks. One malicious app was a mobile ransomware called Slocker which encrypts all device files using an AES encryption algorithm and demand ransom to give victims the decryption key.

One of the rough advertising networks was Loki which displays illegitimate advertisements on devices for revenue. The devices which were found to have pre-installed malware are phones by Samsung, Google, Xiaomi, ZTE, Oppo, Vivo, Asus, and Lenovo.

The 38 Android devices with pre-installed malware belonged to two companies which were unnamed and only described as "a large telecommunications company" and "a multinational technology company."

Businesses and personal users are both at risk. Wikileaks recently uploaded the alleged hacking tools of the CIA and recommended users to take cyber security in their hands. To avoid this risk, customers should buy smartphones only from verified sellers and upon receiving the new device should download a malware scanner immediately.