So far, two unidentified vendors have been found selling smartphones from a variety of manufacturers containing malware from two different and particularly nasty families of malware: SLocker and Loki.
In all, at least thirty-six different models have been discovered, including phones from:
And others. As you can see, these are some very big names in smartphone manufacturing.
It’s important to note that the malware was not on the phones in question when they left their respective manufacturers. The malicious code was inserted later, at some point along the supply chain.
This is an especially dark development, because in both cases, the malware is especially vile.
Loki made its first appearance in 2016 and is highly advanced. It is a Trojan that coopts the Android OS, giving root-level permission to itself and any other software installed on its heels.
That means that the hacker who controls it has access to your browsing history, call history, location data, contact list and more.
SLocker is certainly no better. It is a mobile ransomware that locks the owner’s device, then demands a ransom, payable in bitcoins. It’s a grim piece of malware for two reasons. First, because it communicates with its creators via TOR, it’s virtually impossible to track and identify the hackers. Second, in addition to locking the device, it gives the app controller unfettered access to everything on it.
Here’s the complete list of smartphones that have been identified. It’s worth noting that not every unit sold from these models will be infected, but these are the models at risk:
• Asus Zenfone 2
• Galaxy A5
• Galaxy Note Edge
• Galaxy Note 2
• Galaxy Note 3
• Galaxy S4
• Galaxy Note 4
• Galaxy Note 5
• Galaxy S7
• Galaxy Tab S2
• Galaxy Tab 2
• Lenovo A850
• LG G4
• Nexus 5
• Nexus 5X
• Oppo N3
• OppoR7 plus
• Vivo X6 plus
• Xiaomi Mi 4i
• Xiaomi Redmi
• ZTE x500
wired reports, “Almost 40 different Android smartphones are shipping infected with malware that has been installed during the supply chain and manufacturing process, according to analysis by security experts….There’s no suggestion that any of the smartphone companies listed in the report are installing malware, with a security lapse in the supply chain most-likely to blame.”
Yahoo Tech comments, “This is obviously a very serious situation, and it’s certainly not the first time Android devices were found to have security issues right out of the box. Check Point hasn’t revealed what company the devices belonged to, but that might not actually matter in the grand scheme of things, as it appears preinstalled malware is becoming something of a trend on Google’s mobile OS.”