Millions of Android devices are infected with malware before they leave the factory
At Black Hat Asia, a team of Trend Micro security researchers claimed that millions of Android devices are infected with malware before they leave the factories.
One of the most effective ways of infecting Android devices is to do so before they even reach the hands of customers. As first reported by The Register, the operations may have been going on since at least 2017.
The criminals infect Android devices, mostly mobile phones but also other Android-powered hardware such as smartwatches and TVs. Most of the affected devices have two things in common: they sit at the cheaper end of the market, and their manufacturers outsource all or part of production to OEMs (original equipment manufacturers).
That outsourcing opens the door to adding malicious code to products: third-party threat actors can infiltrate the supply chain and plant malware in the firmware before the device is shipped.
Trend Micro's research revealed that cyber criminals have infected millions of Android devices this way. Infected devices are turned into 'mobile proxies', which can be used for a number of purposes, including the theft and sale of SMS messages, social media and online messaging accounts, and monetization through advertisements and click fraud, according to Trend Micro.
The researchers suggest that the infections started as prices for mobile phone firmware began to drop. Firmware distributors earned less and less, and some started to explore other revenue-generating options.
Some firmware began to ship with plugins that could be activated remotely for a wide range of criminal activities. Access to these plugins was then sold on underground markets.
The Register describes one type of plugin, the proxy plugin, which allows device access to be rented out for a limited time. Criminals who bought access could use the device for their own activities during that window. Other plugins attempt to steal Facebook cookies in order to harvest a user's activity on Facebook.
Trend Micro's scans locate most of the infected devices in Southeast Asia and Eastern Europe, but infected devices exist in other regions as well. The researchers claim that at least one million infected devices exist; the cyber criminals themselves claim to control more than 8 million devices.
The researchers found malware on devices from 10 different vendors, but believe that dozens more may be affected. They suggest that customers stick to major phone brands to avoid purchasing infected Android devices.
Experienced users can analyze their device's network traffic, for instance on the router or hotspot the device connects through, to find out whether it contacts unknown servers even while it is idle. Connections that keep appearing on a device with no user-installed apps are a warning sign, since the implant ships in the firmware rather than in an app the user can remove.
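As an added example (not part of the original article or of Trend Micro's research), the following Python script shows one way to run that check offline: it parses the text output of `tcpdump -nn -tttt` captured on a router or hotspot while the phone sits idle, extracts the DNS names the device looks up and the IP destinations it connects to, and reports anything outside an allowlist. The device address, the allowed networks and domain suffixes, and the capture lines are all constructed for the example; the 203.0.113.0/24 address and the `.example` domain are documentation placeholders, not known indicators, and the real allowlist should come from a baseline of your own device.

```python
"""Flag connections an idle Android device makes to unexpected hosts.

Added example: parses text output of `tcpdump -nn -tttt` captured on the
router or hotspot the phone connects through while it sits unused, and
reports DNS lookups and destinations that are not on an allowlist.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# One tcpdump line: "<date> <time> IP <src>.<sport> > <dst>.<dport>: <rest>"
PACKET_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# DNS query payload as tcpdump prints it: "41733+ A? host.example. (44)"
DNS_QUERY_RE = re.compile(r"(?:^|\s)(?:A|AAAA)\?\s+(?P<name>\S+)")

# Allowlist: assumptions for this example. Build yours from a baseline of the
# device (local LAN, your resolver, the vendor's update hosts, push services).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("192.168.1.0/24"),   # local LAN: router, DNS resolver
    ipaddress.ip_network("142.250.0.0/15"),   # assumed Google range for this example
]
ALLOWED_DOMAIN_SUFFIXES = ("google.com", "gstatic.com", "googleapis.com", "android.com")

# Constructed capture: phone at 192.168.1.23, screen off. 203.0.113.0/24 and
# the .example domain are documentation placeholders, not real indicators.
SAMPLE_CAPTURE = """\
2023-05-20 03:12:40.101 IP 192.168.1.23.50123 > 192.168.1.1.53: 41733+ A? connectivitycheck.gstatic.com. (44)
2023-05-20 03:12:40.140 IP 192.168.1.23.41022 > 142.250.74.110.443: Flags [S], seq 0, win 65535, length 0
2023-05-20 03:12:55.377 IP 192.168.1.23.50124 > 192.168.1.1.53: 9021+ A? cfg.proxy-rental.example. (40)
2023-05-20 03:12:55.412 IP 192.168.1.23.41030 > 203.0.113.45.8080: Flags [S], seq 0, win 65535, length 0
2023-05-20 03:12:55.480 IP 192.168.1.23.41030 > 203.0.113.45.8080: Flags [P.], seq 1:212, ack 1, win 512, length 211
2023-05-20 03:13:02.009 IP 192.168.1.23.41031 > 203.0.113.45.8080: Flags [S], seq 0, win 65535, length 0
2023-05-20 03:13:10.550 IP 192.168.1.50.55000 > 198.51.100.7.443: Flags [S], seq 0, win 65535, length 0
2023-05-20 03:14:00.002 IP 192.168.1.23.50125 > 192.168.1.1.53: 9022+ AAAA? time.android.com. (34)
"""


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    rest: str


def parse_packets(text):
    """Turn tcpdump text lines into Packet records; lines that are not IPv4 are skipped."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            packets.append(Packet(m["ts"], m["src"], int(m["sport"]),
                                  m["dst"], int(m["dport"]), m["rest"]))
    return packets


def in_allowed_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def domain_allowed(name, suffixes):
    """True if name equals an allowed suffix or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def analyze(packets, device_ip, allowed_nets, allowed_suffixes):
    """Count DNS names and (ip, port) destinations the device contacts outside the allowlist."""
    unknown_domains = Counter()
    unknown_dests = Counter()
    for p in packets:
        if p.src != device_ip:            # ignore other hosts on the LAN
            continue
        if p.dport == 53:
            m = DNS_QUERY_RE.search(p.rest)
            if m and not domain_allowed(m["name"], allowed_suffixes):
                unknown_domains[m["name"].rstrip(".")] += 1
        # A DNS query to a resolver outside the allowlist is itself suspicious,
        # so the destination check applies to DNS packets as well.
        if not in_allowed_nets(p.dst, allowed_nets):
            unknown_dests[(p.dst, p.dport)] += 1
    return {"unknown_domains": dict(unknown_domains),
            "unknown_destinations": dict(unknown_dests)}


def report(text, device_ip):
    """Human-readable summary; empty string when nothing was flagged."""
    result = analyze(parse_packets(text), device_ip, ALLOWED_NETWORKS, ALLOWED_DOMAIN_SUFFIXES)
    lines = [f"DNS lookup not on allowlist: {n} ({c}x)"
             for n, c in result["unknown_domains"].items()]
    lines += [f"connection to {ip}:{port} not on allowlist ({c} packets)"
              for (ip, port), c in result["unknown_destinations"].items()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CAPTURE, "192.168.1.23") or "no unexpected traffic")
```

To use it on a real device, capture on the upstream host with something like `tcpdump -nn -tttt -i <iface> host <phone-ip> > idle.txt` for an hour with the screen off and no apps in use, then feed the file to `report`. Expect noise from connectivity checks, time sync and push services at first; move those into the allowlist after confirming what they are, and look hard at anything left that reconnects on a schedule or to a non-standard port.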
Image Credit: Wayne Williams
'Millions of Android devices are infected with malware before they leave the factory' first appeared in Weekly Tech Insights, a free weekly newsletter.