Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware


Despite being based on the very secure Linux kernel, Android isn't necessarily a very secure operating system. Unlike iOS which does a great job of shielding its users from installing apps from outside Apple's own App Store, it is far too easy to do so on Google's mobile OS. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system.

For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones -- from manufacturers such as Samsung, LG, and even Google's own Nexus line -- are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware!


"The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users' use, it arrived with it," says Oren Koriat, Check Point Mobile Research Team.

Koriat further says, "According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed."

Check Point shares the following make and models of Android devices, plus the associated infected APK.

Smartphone Malware APK
Asus Zenfone 2
Google Nexus 5 com.changba
Google Nexus 5 com.mobogenie.daemon
Google Nexus 5X com.changba
Lenovo A850 com.androidhelper.sdk
LenovoS90 com.skymobi.mopoplay.appstore
LG G4 com.fone.player1
Oppo N3
OppoR7 plus com.example.loader
Samsung Galaxy A5 com.baycode.mop
Samsung Galaxy A5
Samsung Galaxy Note 2 com.fone.player0
Samsung Galaxy Note 2
Samsung Galaxy Note 3 com.changba
Samsung Galaxy Note 4 com.kandian.hdtogoapp
Samsung Galaxy Note 4 com.changba
Samsung Galaxy Note 4 air.fyzb3
Samsung Galaxy Note 5 com.ddev.downloader.v2
Samsung Galaxy Note 8 com.kandian.hdtogoapp
Samsung Galaxy Note Edge com.changba
Samsung Galaxy Note Edge com.mojang.minecraftpe
Samsung Galaxy S4
Samsung Galaxy S4 com.kandian.hdtogoapp
Samsung Galaxy S4 com.changba
Samsung Galaxy S4 com.changba
Samsung Galaxy S4 com.mobogenie.daemon
Samsung Galaxy S7
Samsung Galaxy Tab 2
Samsung Galaxy Tab S2 com.example.loader
vivo X6 plus
Xiaomi Mi 4i
Xiaomi Redmi com.yongfu.wenjianjiaguanli
ZTE x500 com.iflytek.ringdiyclient

It is important to note that the phones are not coming from the manufacturers with the malware installed. Instead, third-party retailers (or their suppliers) are pre-loading malware on the devices, which are sold to unsuspecting consumers. In other words, if you purchased your phone new from a trusted retailer like Best Buy, for example, then you should be fine. If you bought a phone from, say, eBay or Craigslist, you could be infected -- but it is not a guarantee.

To make matters worse, the malware cannot be easily removed -- an app cannot do it, sadly. Check Point found that the phones must be re-flashed entirely, with a clean version of the OS. This is likely beyond the capabilities of the average consumer.

Do you own any of the aforementioned smartphones? If you bought it from a sketchy seller, are you worried? Tell me in the comments.

Image Credit: Georgejmclittle / Shutterstock

59 Responses to Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.