03-14-2017, 04:53 AM
(This post was last modified: 03-14-2017, 04:54 AM by SteelCrysis.)
http://www.tomshardware.com/news/malware...33884.html
WHOA.
WHOA.
Quote:Malware is usually able to make its way into a device because of user error. You might open an infected attachment, visit a malicious website, or download a piece of malware disguised as a popular app, for example, only to find that your device has been compromised as a result. But a report from the Check Point security company stated that 36 Android devices are compromised out of the box, which shows that user error isn't the only way for malware to get in.
Check Point said the devices were owned by "a large telecommunications company and a multinational technology company." The malicious apps seem to have been installed somewhere along the supply chain--they weren't included in the vendors' official ROMs, but they were installed by someone with system privileges, which means one of the companies involved in manufacturing, assembling, shipping, and selling the phones was probably involved.
Devices from Samsung, ZTE, Asus, Lenovo, Oppo Global, and LG were included in Check Point's report. The company said much of the malware it found was devoted to stealing information or showing illegitimate advertisements. The most notable apps it found were Slocker, ransomware that uses AES encryption to hold a phone's data for ransom, and the Loki Malware that can "take full control of the device and achieve persistency" to display ads.
...
Of course, it's worth noting that many Android smartphones have been sold, and the 36 found by Check Point are a fraction of a fraction of that number. The question now is how long the attackers targeted these devices' supply chains. Were they compromised from the get-go, or was only a small production run affected? The answers could make the difference between a relatively small problem and a much larger issue for these companies and their customers.

