Malware Found Preinstalled On 38 Android Phones Used By 2 Companies

An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."

LineageOS

this is exactly why I *only* buy android products supported by LineageOS, and often I don't bother with gapps too...

Re: LineageOS

I like the idea of CyanogenMod and LineageOS but let's be serious; you have no idea what's contained in those distros. Malicious software could easily hide in source code and get built every night.

Re: LineageOS

I like the idea of Windows Phone and iOS but let's be serious; you have no idea what's contained in those distros. Malicious software could easily hide in source code and get built every night.

Re: LineageOS

"And let's dispel once and for all with this fiction that Windows Phone and iOS doesn't know what they're doing. They know exactly what they're doing"

Re: LineageOS

[coastwalker]

It has been very clear for years that mobile phone operating systems are completely compromised. Either the company that sold them to you is in charge of monetizing your every breath or state security services are watching your every move (and not necessarily your own state either). A well set up PC connected to the internet is slightly better but basically anything connected to the internet is owned by a corporation or several nation states. It does not matter for most of us in our day to day lives but forget using any of this stuff if you are a journalist with information that someone powerful does not like. Whether this is a problem is something we will only find out in a few decades. Personally I would keep a very docile and obedient profile if you want to stay healthy in the coming 50 years. This is what makes hating migrants as security threats such a joke, you can be sure that the state can destroy any of them that look a bit dodgy just as soon as they feel like it.

Marketing Article

There's no reason why Checkpoint software would know the supply chain history of devices their software protects. They wouldn't know if the phones were fresh from the supplier, or their software had been installed later onto devices already in use. 38 devices does not sound like a lot either.

IMHO, given the current fake news president, they should name the companies and put some plausible details around their claim.

Re: Marketing Article

If you were to follow the US presidential example, you should certainly demand evidence of other people yet hypocritically provide none of your own. Since they have not, they are on mark for the current fashion.

Re: Marketing Article

Trump isn't deranged. Why would you name a syndrome after him?

Re: Marketing Article

Perhaps Breitbart will pretend it's the CIA? I'm reminded of the recent Breitbart news , "CIA uses stolen malware to attribute cyber attacks to nations like Russia"...

Although Occams Razor suggests this is more to do with the investigation of Roger Stone of Breitbart, who apparently was coordinating propaganda with Russian government hacker Guccifer 2.0 during the election.

Watch him on RT, Russian propaganda TV. Party before country. Traitors who'd sell out America for power.
https://www.youtube.com/watch?v=sjMUyPwe38E

So let's see if Breitbart spins this into an anti-CIA, anti-America thing.

Re: Marketing Article

It's named after the people who are deranged when it comes to Trump.

Re:Marketing Article

There's no reason why Checkpoint software would know the supply chain history of devices their software protects. They wouldn't know if the phones were fresh from the supplier, or their software had been installed later onto devices already in use.

That depends where and how they got hold of the devices. We are talking about large companies here that probably buy phones in some quantity for their employees; having detected a malware issue, it would not be hard to get new, sealed phones from the company's stock, to see what was preinstalled on them (in all lilelihood, the company's IT staff did that themselves, and finding malware on newly unboxed phones was what prompted them to ask CheckPoint to investigate further). At that point, it's not hard to compare what's on the newly unboxed phones with the manufacturer's factory image at the time of manufacture, which is what they did.

38 devices does not sound like a lot either.

38 models of phone, not 38 total handsets.

Re: Marketing Article

There's a madman in control of the most powerful nation in the world. An exceptional reaction to that seems pretty normal. On the other hand, the psychopaths fine with it and along for the ride could kill us all.

Re: Marketing Article

Nope, no derangement here at all.

On a side note, I often wonder whether the crazy idiots who think Trump's going to kill us all are the same crazy idiots who thought Obama was going to kill us all, or the people who spent the last 8 years smugly mocking them and spamming the world with Stewart/Colbert/Oliver videos. (Not that mental illness with a dash of hypocrisy is that much worse than only the mental illness.)

Re: Marketing Article

For or against him? Most of the violence, and verbal abuse on social media, is committed by those against him, so they are certainly "deranged". See Scott Adams blog ( http://blog.dilbert.com/ ) for his postings analyzing the for/against Trump phenomena. BTW, I voted against him in the primaries, but had to hold my nose to vote for him in the actual election since he and Hilary both stank, but hers was much worse (I know: all in the nose of the sniffer...).

Re: Marketing Article

[amiga3D]

You sound unhinged. His control is very limited. This is why we have 3 branches of government you know, there's no such thing as a dictator. You sound as crazy as the far right nuts that ranted that Obama was going to declare the election void and stay in office. Or the far left nut jobs begging him to do just that. Why don't you go see a doctor and get some Xanax? Chill out.

Re: Marketing Article

Ahh, I missed that he was a Trump advisor AT THE TIME he was doing his little co-ordinating with Guccifer. No wonder he's on RT attacking the CIA.

Interesting, Carter Page was also on RT, in December 2016... from his Moscow visit, he went to Moscow for a week to meet 'business leaders and thought leaders', announced it, met a bunch of Russians, and went on RT:
https://youtu.be/4ePHA4f7MNg?t=55s

Or his July visit which including meetings with Russian intelligence:
http://www.usatoday.com/story/news/2017/03/07/campaign-granted-page-permission-moscow-trip/98874648/

Which is odd, because this February he said he didn't have any meetings with Russian official in 2016
https://youtu.be/bsgSl8s2GeM?t=5m25s

All kinda of coming out in the last few days, since 4th March, yet you were distracted by Trump's allegation against Obama which came out March 4th.

I see.

Re: Marketing Article

Reading comprehension failure. Parent said the psychopaths along for the ride could kill everyone, not that Trump would kill everyone. There's a massive difference between thinking the various Nazi, Fascist and KKK Trump supporters empowered by his ascent are dangerous and that Trump is personally is going to commit genocide. Maybe you're just really into strawmen, though.

Re: Marketing Article

Ah, the US, where everyone is on medication for mental problems...

Re:Marketing Article

Wrong. Per TFA title, "phones", and "devices" in the lead sentence, not "models". It does list 23 different models that presumably cover those "devices" (which include several Galaxy Tab models, so not all phones). And those models range over 8 brands from the last several years, such as Samsung's Notes 2/3/4/5 (even a "Note 8", but guessing that must have been a Tab since no Samsung phones at version "8" are available just yet ...). That seems to be way too much variety for any organization with any "reasonable" procurement/provisioning policies to be buying and providing to employees.

The variety makes me think these must have been from some surveys/audits of personal ("BYOD") devices some companies allowed employees to use for work purposes. I know I used several quite different phones/tablets my last few years of work (retired now) that had to meet security standards/monitoring via ActiveSync (AS), and which had to be dropped for that kind of use as the requirements evolved with the technology such as my Windows Mobile 6.x Verizon X6900 (HTC Touch) and a later Imagio, although it was annoyingly ironic when they refused to apply a MS AS server patch needed for the Windows Phone 8/8.1 phones I was considering since it was not needed for the preponderance of Android and iOS devices most of my colleagues used.

So I had to get yet another, newer Android 4. (now look at all the exposures those had, and still have!) Moto Razr HD phone just so it could run the requisite Touchdown app to work with the company's AS implementation to access their Exchange servers. Glad I am done with such strait-jacketing (imposed by employers at least).

Re: Marketing Article

[amiga3D]

Not everyone. I took some for a while but eventually I figured out the problem was me. The pills just made me live in a kind of fog. I decided I'd rather just quit worrying about shit I can't control. Not that I've entirely gotten over it, but I can get by now.

Re: Marketing Article

The problem there is that Scott Adams is, well, let's come right out and say he's another well known millionaire mysogynist. This characterisation is fair, he's well known as holding some widely criticised opinions on the topic including some that are demonstrably detached from reality (like his claims that he's living in a matriarchy). In short, the conclusion one successful white, male mysogynist millionaire makes when judging another probably isn't worth as much as you'd like to believe.

Re: Marketing Article

His supposed misogyny is irrelevant to his analysis of Trump's "master persuader" techniques, and how he is totally misrepresented by the elitist media proAGgressives due to their loathing of his blatant populism.

If they have no details

Then most likely it's yet another case of three-letter agencies doing it. They're not exactly fond of things that remove their rootkits after all.

Meanwhile two articles down...

I realize the extra physical exertion of a "swipe" versus a "tap" is just too much work for some, but at least I know my credit card doesn't come with malware preinstalled.

Re:Meanwhile two articles down...

[Pharmboy]

RFID chip might qualify. I'm not sure how much truth is in the claim they can be read by simply walking past you, but /me thinks they aren't totally secure.

Strange

I thought all Android phones had spyware pre-installed by Google.

Re: Strange

Fact. Mod Up +5

[yawn] This is old hat.

[weedjams]

Buying devices, opening them up and altering them, then returning to store has been popular for decades. Is called 'pre-p0wnd'.

Re:[yawn] This is old hat.

[demonlapin]

Yeah, wipe-and-reinstall (while connected to a guest network) is a necessity with preowned/open box items.

Re:[yawn] This is old hat.

Read the story fuckwit, that's not what's going on.

Fucking complete waste of air, go die in a fire you know-it-all clam.

Re:[yawn] This is old hat.

[Slashvertisment]

Presumably know-it-all clams contain pearls of wisdom?

Re:[yawn] This is old hat.

"Die in a fire" is so uncreative. You can do better than that.

Try: "I hope you get HIV and die in a fire at the AIDS clinic."

Re:[yawn] This is old hat.

What's "really" hurting you? C'mon, open up to us, the /. community. We're nerds, we understand rage.

Most anger is "mis-directed" anger, google it, learn about it. If you learn to control your emotions instead of your emotions controlling you, you will live a happier life. Good luck! :)

captcha = tragedy

Re:[yawn] This is old hat.

Yeah, that's original too. Fuck off.

Re:[yawn] This is old hat.

[amiga3D]

My favorite is "I hope your asshole grows shut."

Re:[yawn] This is old hat.

[amiga3D]

So true. It took me over two decades to figure it out. I had a breakdown and was basically out of it for 6 months and I finally learned to let things go. I still occasionally get a burst of rage but now I know what it is and kind of reset myself before it gets bad.

Re:[yawn] This is old hat.

Glad to hear that, just don't sweat the little shit, and you know what? Life is made up of mostly little shit. ;)

Re:[yawn] This is old hat.

you're a little shit.

Just remember this

while putting in adverts and collecting user browsing habbits is technically malware, it's far less worse than the NSA or CIA literally controlling your phone or device for malicious purposes, which could potentially be to frame you or otherwise hurt you.

Lookout

[DaMattster]

My MetroPCS ZTE ZMAX Pro came with Lookout preinstalled and it has been a pretty good app. I'm hoping that I won't pick up a piece of malware but Android and iOS are moving targets. It's not a matter of if, it's a matter of when.

This is an advertisement.

"We won't name the companies or devices"... because this is a FUD driven ad campaign for our services.

So obvious.

Is there a SINGLE phone out there without backdoor

???

This is getting old.

I don't care if it's old, I just want want something that handle simple daily tasks and doesn't have 500 backdoors and 5000 agencies/hackers spying on it.

What companies?

[amiga3D]

I'd think it'd be nice to know what companies and models it pertains to. A lot of people trust their phones for things like banking. I don't but I'm a little paranoid about money.

Re:What companies?

[amiga3D]

Never mind, I should have read the damn article. Headline is a little misleading.

homebrew PBX or Wifi hub

just watching the data gping through the Wifi router suggests how bad a Android is and something has been crashing my Noroot Firewall apk that I wonder what goes through.

It has been suggested that CIA installs backdoors it plausibly denies as owning simply because they lease backdoors just like how computer owners lease Microsoft Windows.

A prior article about CIA installing backdoors into OpenBSD also had a reference to a security firm Kryptos Logic that sells exploits worldwide to anyone with money.

Fake story

I really tired of reading this stuff. Since the PHONE companies are not named I see this as fake, a way to sell a product.

Alternatively

Alternatively, "the presence of ransomware and other easy-to-detect malware seems to suggest" an attempt to obscure the purpose and origins of the infection.

Ulefone had malware in the official rom

Ulefones was found to have malware in the official stock rom in 9/2016, including the official downloadeble updates, and "only" took them 2 months to remove it. :/

But for sub $100 phones with all these feature where can you expect they are cutting corners.

Insert advert for Check Point Software

A total non story, some company somewhere bought Android phones from some other company ...

OK, so Google and Sprint buy hacked phones

It's called eating you own dog food isn't it?

AT&T has Uber as part of the core system apps

When I try to uninstall Uber, I'm warned that since it's part of the core system I may lose stability if I uninstall it. What BS is that?