G DATA security experts published their latest research in which they’ve analyzed top Chinese Android smartphone models and found that a large number of them ship with pre-installed malware and spyware.
According to G DATA’s team, their interest in this matter was first sparked when in 2014, the Star N9500 smartphone was found to be harboring malware that came pre-installed for factory-shipped phones. Till then, their research also uncovered similar spyware in Star N8000 and IceFox Razor models.
Now with information gathered from fellow researchers, their list of Android devices on which pre-installed malware was found has extended with the following models: Xiaomi MI3, Huawei G510, Lenovo S860, Alps A24, Alps 809T, Alps H9001, Alps 2206, Alps PrimuxZeta, Alps N3, Alps ZP100, Alps 709, Alps GQ2002, Alps N9389, Andorid P8, ConCorde SmartPhone6500, DJC touchtalk, ITOUCH, NoName S806i, SESONN N9500, SESONN P8, and Xido X1111.
Chinese middlemen suspected of adding malware to smartphones
All are manufactured in China, except ConCorde, which according to this website (if it’s its homepage) is located in Hungary. This does not rule out the possibility that its smartphones were assembled in China.
Why is establishing a Chinese connection so important? Because G DATA researchers “suspect middlemen of being the perpetrators.”
“In addition to the revenue gained from selling on the mobile device, they try to make additional financial gains from stolen user data and enforced advertising,” say G DATA’s security experts in the company’s Mobile Malware Report for Q2/2015.
Security experts are very certain that manufacturers won’t risk their reputation by distributing malware, so this leaves the middlemen as the culprits responsible for infecting the devices.
The malware is hidden as an add-on in legitimate Android apps
According to G DATA, the contamination of these smartphones is done by hiding malware as add-on code in legitimate apps. Since users don’t usually interact with the malware and the add-on runs in the app’s background, unless using a mobile antivirus solution, these infections are rarely discovered.
Even if discovered, this does not solve the problem, since the application is part of the smartphone’s firmware and cannot be uninstalled. In this cases, users should contact their mobile device vendor and ask for an alternate clean phone, or a refund.
It’s not even high-quality malware
Researchers warn that the discovered malware can access personal details, and even exfiltrate data from the phone via an Internet connection. Data stolen from mobile phones can then be used in hijacking of social media or email accounts, or even worse, for making fraudulent financial operations or purchases of goods.
The malware that comes pre-installed on these devices is not even of acceptable quality, G DATA’s staff considering that other attackers could easily take over the pre-installed malware and use it for their own purposes.
Malware on Android devices is certainly nothing new, and as G DATA experts also noted in their report, in the first six months of the year there have been over 1 million Android malware samples discovered.
This is going to be a record-breaking year, and they expect 2015 to surpass the previous year’s record of 1,5 million detected malware samples.