Wouldn’t it be nice to buy and unbox a brand new device and know that it is 100% malware free? Unfortunately, that might not always be the case: in 36 Android devices tested, malware came pre-installed!
Security vendor Check Point undertook a review of new devices and found that malware was already present on them before the users received them. These malicious apps were not part of the official ROM images supplied by the vendor, and were somehow added between the factory and the consumer. That means the supply chain was somehow compromised. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the end user and the device had to be re-flashed with a factory image.
Most of the malware variants found pre-installed on these devices were info-stealers and rough ad networks, but one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demands a ransom in return for the decryption key. It uses Tor for its C&C communications.