Android devices, including smartphones and TV boxes, are sold with malware preinstalled.
Millions of smartphones within reach of hackers. This is according to a report by Trend Micro, a cybersecurity company, published on Wednesday, May 17th. The company estimates that 8.9 million Android smartphones are sold with preinstalled malware.
“At least 50 different brands would be infected by this virus,” calculates Trend Micro, without naming the affected brands in detail.
The countries with the highest concentration of infected smartphones include the United States, followed by Mexico, Indonesia, Thailand and Russia. Only 3.85% of infected smartphones are in Europe, compared to more than 55% in Asia.
The malware, dubbed Guerrilla, could open a backdoor that allows infected devices to periodically communicate with a remote command server controlled by hackers. The goal: Check whether new malicious updates need to be installed.
According to Trend Micro, these malicious updates allow hackers to collect user data in order to resell it to advertisers. The software then quickly and discreetly installs so-called “aggressive” advertising platforms, which can drain the smartphone’s battery and thus degrade the user experience.
Intercepting SMS and sending WhatsApp messages
The software is also able to intercept text messages and read their content, including one-time passwords that can be sent to confirm online purchases, for example.
It is also connected to the applications of the Facebook galaxy. It is thus able to “intercept specific activities in order to access the activity list of the Facebook application,” explains Trend Micro. “It also retrieves Facebook-related cookies and uploads them to its command-and-control server,” the report continues.
The software is able to collect additional data, such as the friends list, the profile or the e-mail addresses. A similar function is also used on WhatsApp to send unwanted messages.
“These two plugins were used for ‘overseas marketing’ to allow customers to use hacked Facebook accounts and strengthen their marketing platform by posting messages on Facebook on behalf of the hacked accounts,” the report reads.
Such use would also allow hackers to access existing Facebook accounts, which are less likely to be detected by the platform’s algorithms in the event of illegal activity.
Infected Android TV boxes
In addition to smartphones, Android TV boxes would also be affected by malware, reports TechCrunch. The AllWinner and RockChip models, both sold on Amazon, are “sold with preinstalled malware capable of launching coordinated cyberattacks,” according to the American media.
And further: “The software can install any applications desired by its developers.” This software, called Clickbot, generates advertising revenue by clicking on ads in the background discreetly and instead of the user. This vulnerability was discovered by the Electronic Frontier Foundation (EFF), an organization that protects Internet freedoms.
“These devices, made by little-known third parties based in China, have no reputation to protect. Unlike big brands, they can sell their products at low prices by reducing the cost of quality control and device safety without having to watch their costs.” “The reputation suffers,” laments the NGO in a blog post dated 10th of May.
The EFF warns of the “danger” this poses “to consumers, their networks, and to the security and stability of the internet as a whole”. However, it is not possible to perform an enhanced security check on all resold goods. Amazon may specify a more thorough pre-sale screening process for consumer devices.”