Supply chain corruption is here: Android devices infected with malware before being bought by an end user are a fact. This isn't the first time that this has happened, not by a long way. This certainly isn't the 'norm', but that it has happened is very worrying. Very worrying indeed.
That even SOME Android phones and tablets have had their operating system image altered between factory and customer is a REALLY bad problem for the vendors involved.
While we totally agree that the biggest threat to Android security is the user, dismissing Android supply chain malware so easily overlooks a massive problem. This is NOT the first time it has happened.
In December 2016, some low-cost Android smartphones and tablets were found to be shipped with malicious firmware that covertly gathered data about the infected devices, displayed ads on top of running apps and downloaded unwanted APKs onto the victims' devices.
In November, researchers discovered a hidden backdoor in the AdUps firmware of over 700 million Android smartphones, which also covertly gathered data on phone owners and sent it to a Chinese server without the user's knowledge.
This latest round of pre-infected devices included some with malware known as Loki, a spyware tool, and Slocker, a mobile ransomware. These are not minor incidents, no matter how contained they are. Supply-chain Android malware infection is a VERY big deal.
Meanwhile, Google recently cleaned up a family of aggressive ad-abusing malware variants, part of a large botnet, that it had been distributing embedded in apps from the Play Store and that is on millions of devices. Yes, malware that had previously gone undetected and was spread by Google Play to its customers is on MILLIONS of devices, even though it cannot be spread any further.