Trend Micro: Millions of Android devices sold already contain viruses

Smartphones are infected with malware during the manufacturing process.

Researchers from the information security company Trend Micro discovered that millions of Android devices around the world are infected with malware before they even leave the factory. They presented their findings at the Black Hat Asia conference.

Budget Android smartphones were mostly at risk, along with smart watches, TVs and other gadgets. Their production is outsourced to OEMs, and malware can be injected at any stage of device assembly, for example when the firmware is installed.

The practice has been around for a long time and is a “growing problem for mainstream users and businesses,” the researchers said. They compared infecting devices so early in their life cycle to a tree that absorbs liquid: if an infection is introduced at the root, it will spread throughout the tree – to every branch and leaf.

The firmware infections began when firmware prices fell sharply. Competition between firmware vendors became so fierce that they stopped charging money for their product at all.

Trend Micro explained that as a result, firmware began to ship with an undesirable feature – hidden plugins. The team analyzed dozens of firmware images looking for malware and found more than 80 different plugins, although many of them were not widely used.

The most dangerous plugins were those that had their own business model, were sold on the dark web, and advertised openly on Facebook*, blogs, and YouTube. Malware turns devices into proxies that are used to intercept SMS messages, take over accounts in social networks and instant messengers, as well as monetize through ads and click fraud.

One type of plugin, the proxy plugin, allows criminals to rent devices for up to 5 minutes at a time. Those who lease control of a device can, for example, access keystroke data, location, IP address, and other information.

According to the researchers, a proxy user is able to use someone else’s phone as an exit node for 1200 seconds. In addition, the Trend Micro team found a Facebook cookie plugin that was used to collect activity from the Facebook app.

According to telemetry, millions of infected devices exist around the world, concentrated in Southeast Asia and Eastern Europe. Statistics that the criminals themselves reported spoke of 8.9 million devices.

As for the source of the threat, the experts did not name specific countries, although the word “China” was used several times in their presentation, including in the story of the origin of the suspicious firmware. Trend Micro said the audience should consider where the majority of OEMs in the world are located and draw their own conclusions.

“Although we may know the people who are building the infrastructure for this business, it is difficult to pinpoint exactly how this infection enters a smartphone because we don’t know for sure at what point it entered the supply chain,” the researchers said.

Malware has been found on phones from at least 10 manufacturers, but possibly around 40 other companies are also affected. In order not to purchase an already infected phone, you should choose more expensive models. In other words, malware is found in smartphones in the low-end Android ecosystem, so it’s worth choosing larger brands, although this does not guarantee complete security.

Experts said that big brands like Samsung or Google take good care of the security of their supply chain, but this is still a very lucrative market for attackers.

* The Meta company and its products (Instagram and Facebook) are recognized as extremist, their activities are prohibited on the territory of the Russian Federation.


