Millions of Android Phones and TVs May Come with Preinstalled Malware (arstechnica.com)
"Multiple lines of Android devices came with preinstalled malware," reports Ars Technica, "that couldn't be removed without users taking heroic measures."
Their article cites two reports released Thursday — one from Trend Micro and one from TechCrunch: Trend Micro researchers following up on a presentation delivered at the Black Hat security conference in Singapore reported that as many as 8.9 million phones comprising as many as 50 different brands were infected with malware... ["It's highly likely that more devices have been preinfected," the report clarified, "but have not exchanged communication with the Command & Control server, have not been used or activated by the threat actor, or have yet to be distributed to the targeted country or market... The threat actor has spread this malware over the last five years."]
"Guerrilla" opens a backdoor that causes infected devices to regularly communicate with a remote command-and-control server to check if there are any new malicious updates for them to install. These malicious updates collect data about the users that the threat actor, which Trend Micro calls the Lemon Group, can sell to advertisers. Guerrilla then surreptitiously installs aggressive ad platforms that can deplete battery reserves and degrade the user experience... Guerrilla is a massive platform with nearly a dozen plugins that can hijack users' WhatsApp sessions to send unwanted messages, establish a reverse proxy from an infected phone to use the network resources of the affected mobile device, and inject ads into legitimate apps...
TechCrunch detailed several lines of Android-based TV boxes sold through Amazon that are laced with malware. The TV boxes, reported to be T95 models built on the H616 SoC, report to a command-and-control server that, just like the Guerrilla servers, can install any application the malware creators want. The default malware preinstalled on the boxes is known as a clickbot. It generates advertising revenue by surreptitiously tapping on ads in the background...
Android devices that come with malware straight out of the factory box are, unfortunately, nothing new. Ars has reported on such incidents at least five times in recent years (here, here, here, here, and here). All the affected models were in the budget tier.
People in the market for an Android phone should steer toward known brands like Samsung, Asus, or OnePlus, which generally have much more reliable quality assurance controls on their inventory. To date, there have never been reports of higher-end Android devices coming with malware preinstalled. There are similarly no such reports for iPhones.
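The Ars excerpt above describes the one behaviour that every variant in these reports shares: the implant polls its command-and-control server on a fixed schedule to fetch plugins. That cadence is what a defender can look for on the network side, even without knowing the C2 hostnames in advance. The script below is an added example, not code from Ars Technica, Trend Micro or TechCrunch: it groups outbound connections by (device, destination), measures the regularity of the gaps between them, and then counts how many devices in a fleet beacon to the same host. The log format, device IDs and hostnames are constructed placeholders, not real infrastructure.

```python
"""Beacon-cadence check over device egress logs.

Added example, not code from the Ars Technica/Trend Micro reporting. Guerrilla-style
implants poll their C2 on a fixed schedule, so per (device, destination) the gaps
between connections cluster tightly, unlike ordinary traffic. Log format, device
IDs and hostnames below are constructed placeholders, not real infrastructure.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <device_id> <dst_host> <bytes>" per line.
# Two devices poll the same placeholder host every 30 minutes; CDN traffic is irregular.
SAMPLE_LOG = """\
2023-05-18T10:00:00 dev-a1 updates.example-cdn.test 5120
2023-05-18T10:00:03 dev-a1 cfg.example-c2.test 412
2023-05-18T10:30:03 dev-a1 cfg.example-c2.test 398
2023-05-18T11:00:04 dev-a1 cfg.example-c2.test 405
2023-05-18T11:30:02 dev-a1 cfg.example-c2.test 410
2023-05-18T12:00:05 dev-a1 cfg.example-c2.test 401
2023-05-18T10:07:00 dev-a1 updates.example-cdn.test 88000
2023-05-18T10:41:12 dev-a1 updates.example-cdn.test 1200
2023-05-18T12:55:48 dev-a1 updates.example-cdn.test 9100
2023-05-18T10:00:09 dev-b7 cfg.example-c2.test 420
2023-05-18T10:30:09 dev-b7 cfg.example-c2.test 417
2023-05-18T11:00:10 dev-b7 cfg.example-c2.test 402
2023-05-18T11:30:08 dev-b7 cfg.example-c2.test 399
"""


def parse_log(text):
    """Return (timestamp, device, host, bytes) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, dev, host, size = parts
        events.append((datetime.fromisoformat(ts), dev, host, int(size)))
    return events


def inter_arrival_gaps(events):
    """Group by (device, host) and return the inter-arrival gaps in seconds,
    computed on time-sorted connections so log order does not matter."""
    by_pair = defaultdict(list)
    for ts, dev, host, _ in events:
        by_pair[(dev, host)].append(ts)
    gaps = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps


def score_pairs(events, min_events=4, max_cv=0.1):
    """Flag pairs with at least min_events connections whose gap coefficient of
    variation (stdev / mean) is at most max_cv: a tight cadence reads as a beacon.
    Pairs with too few connections are reported but never flagged."""
    scores = {}
    for pair, gaps in inter_arrival_gaps(events).items():
        n = len(gaps) + 1
        if n < min_events:
            scores[pair] = {"n": n, "mean_gap": None, "cv": None, "beacon": False}
            continue
        m = mean(gaps)
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        scores[pair] = {"n": n, "mean_gap": m, "cv": cv, "beacon": cv <= max_cv}
    return scores


def hosts_by_beaconing_devices(scores):
    """Count distinct devices beaconing to each host. One host polled by many
    devices on the same cadence is the fleet-wide signal a preinstalled implant
    produces, as opposed to a single user's app."""
    counts = defaultdict(int)
    for (dev, host), s in scores.items():
        if s["beacon"]:
            counts[host] += 1
    return dict(counts)


if __name__ == "__main__":
    scores = score_pairs(parse_log(SAMPLE_LOG))
    for pair, s in sorted(scores.items()):
        print(pair, s)
    print(hosts_by_beaconing_devices(scores))
```

The thresholds (four connections, 10% coefficient of variation) are starting points, not tuned values; real implants add jitter, so in practice you widen `max_cv` and pair the cadence score with the fleet count rather than relying on either alone.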
Competing App Store (Score:2)
Well there are 95 Million customers for a competing app-store that doesn't need root to do updates.
Confirmed (Score:5, Informative)
My Samsung phone comes infected with numerous self-serving Samsung and Verizon apps that cannot be removed without flashing a third party distribution of the OS, a so-called ROM, on the phone. This introduces a fleet of issues that makes the effort mostly not worthwhile.
And don't even get me started on the Google viruses you're forced to live with.
Re: (Score:2)
My Samsung phone comes infected with numerous self-serving Samsung and Verizon apps that cannot be removed without flashing a third party distribution of the OS, a so-called ROM, on the phone. This introduces a fleet of issues that makes the effort mostly not worthwhile.
And don't even get me started on the Google viruses you're forced to live with.
Yes, some cannot be uninstalled, but have you tried to disable them?
Many can be disabled from running; just check that state for any changes after every update.
Disabling the unwanted apps might be as good as you can get...until you change to a different brand of phone and different carrier or go through the hassle of installing the 3rd party ROM.
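The reply above suggests disabling what cannot be uninstalled and re-checking that state after every update. As an added example that is not part of the thread, the script below does that check: it compares a baseline snapshot of enabled and disabled packages with a current one, in the text format `adb shell pm list packages -e` and `-d` print (the `-f` form with APK paths is accepted too), and reports what came back, what appeared, and what to re-disable. The snapshots and package names are constructed placeholders.

```python
"""Package-state drift check for Android devices.

Added example, not code from the original thread. A package disabled with
`adb shell pm disable-user --user 0 <pkg>` can be re-enabled by a system update,
and an OTA can also add packages. This compares a baseline snapshot with a
current one, both in the format `adb shell pm list packages -e` / `-d` prints
(the `-f` form `package:/path/base.apk=name` is handled as well). The snapshots
and package names below are constructed placeholders.
"""
import re

PM_LINE = re.compile(r"^package:(?:(?P<path>.+?)=)?(?P<name>[A-Za-z0-9_.]+)$")

# Constructed baseline, taken right after the unwanted packages were disabled.
BASELINE_ENABLED = """\
package:android
package:com.example.messenger
package:com.vendor.launcher
"""
BASELINE_DISABLED = """\
package:com.vendor.news
package:com.carrier.portal
package:com.vendor.gamehub
"""
# Constructed current state, taken after a system update (-f form with APK paths).
CURRENT_ENABLED = """\
package:/system/framework/framework-res.apk=android
package:/data/app/com.example.messenger-1/base.apk=com.example.messenger
package:/system/priv-app/Launcher/Launcher.apk=com.vendor.launcher
package:/system/app/VendorNews/VendorNews.apk=com.vendor.news
package:/system/app/AdSdk/AdSdk.apk=com.vendor.adsdk
"""
CURRENT_DISABLED = """\
package:com.carrier.portal
package:com.vendor.gamehub
"""


def parse_pm_list(text):
    """Return the set of package names from `pm list packages` output,
    ignoring any line that is not in the package: form."""
    names = set()
    for line in text.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            names.add(m.group("name"))
    return names


def drift_report(base_enabled, base_disabled, cur_enabled, cur_disabled):
    """Compare two snapshots and report the changes that matter: packages that
    were disabled and are enabled again, packages that did not exist before,
    packages that vanished, and the ones still disabled as intended."""
    base_all = base_enabled | base_disabled
    cur_all = cur_enabled | cur_disabled
    return {
        "re_enabled": sorted(base_disabled & cur_enabled),
        "new_packages": sorted(cur_all - base_all),
        "removed": sorted(base_all - cur_all),
        "still_disabled": sorted(base_disabled & cur_disabled),
    }


def remediation_commands(report, user=0):
    """adb commands to re-apply the baseline. Re-disabling needs no root. The
    uninstall form keeps the APK under /system but removes it from the user
    profile; new packages are listed for review rather than removed blindly."""
    return {
        "disable": [f"adb shell pm disable-user --user {user} {p}"
                    for p in report["re_enabled"]],
        "review": [f"adb shell pm uninstall -k --user {user} {p}"
                   for p in report["new_packages"]],
    }


if __name__ == "__main__":
    report = drift_report(parse_pm_list(BASELINE_ENABLED), parse_pm_list(BASELINE_DISABLED),
                          parse_pm_list(CURRENT_ENABLED), parse_pm_list(CURRENT_DISABLED))
    print(report)
    print(remediation_commands(report))
```

Run it on real snapshots by saving `adb shell pm list packages -e` and `-d` output to files before and after the update and feeding the file contents in place of the constructed strings.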
Re: (Score:2)
And don't even get me started on the Google viruses you're forced to live with.
Nobody forces you to get an Android phone. Same with Apple's iPhones. Or Samsung or whatever brands. Same for telcos you use.
There are many other OSes available for mobile / IoT devices. Some custom, such as Tizen.
https://en.wikipedia.org/wiki/... [wikipedia.org]
If there are enough people buying gear with other OSes, I am sure there will be support for them.
Going to go out on a limb here.. open bootloaders? (Score:4, Interesting)
I am going to go out on a limb here... this is why governments should demand phone makers have unlocked bootloaders, where the phone's owner can allow for other master keys for packages, and not just have the phone locked to the manufacturer's (likely nonexistent on lower end phones) updates, with some sort of drivers available for the SoCs used, so all the phone's features can work.
This way, even if a phone's default ROM is a malware-infested hunk of junk, the phone can be re-ROMmed with something like LineageOS, AOSP, a custom ROM that is clean, or even just a vanilla Debian or Ubuntu distribution.
Of course, I'll get people saying that older phones are not kept long, or that phone companies shouldn't be responsible for 5+ years of maintenance. This doesn't add any burdens to the phone maker, but helps ensure that a device isn't compromised and is a foothold for attacks via a C&C network, and ensures that the user isn't going to have their crypto wallet stolen, their bank account cleaned out, their identity stolen and sold for cheap, or the phone ransomwared. The only real reason why bootloaders are locked and cannot be unlocked for other ROMs is to ensure devices have an expiration date.
Overall, having the OS separate from the phone can be a good thing. LineageOS is awesome, and being able to have more phone operating systems that are well designed can't hurt.
Re: (Score:1)
Most of these TV boxes have an open bootloader. It's easy to flash a different ROM or even burn a copy of LibreELEC, which uses Linux, to an SD card.
The reason why many of these boxes supposedly have malware on them is often because they have an open bootloader, which makes loading a malware-ridden ROM on it easy, and not necessarily that they come from the manufacturer that way.
Re:Going to go out on a limb here.. open bootloaders? (Score:5, Insightful)
As a sort of compromise, once the mandatory support period ends, the OEM may either continue support, including offering upgrades to the latest version of the OS, in perpetuity (or until they can prove there are no remaining functional units of that model in existence, good luck) or they can unlock the device and provide a complete package of drivers so the user can do their own update SAFELY with no loss of functionality. By safely, I mean absolutely no sequence of events that can result in a brick or require opening the device to recover (with the exception of the absurd, like "my phone fell in the shredder"...). With a proper bootloader, it CAN be done.
Banking apps on 'phones (Score:4, Insightful)
This is one of the reasons why I will never do banking from my 'phone. I do it via the web from my Debian PC.
Re:Banking apps on 'phones (Score:5, Insightful)
That's nice until your bank requires you to download and use their phone app as a second factor for "security reasons".
Cheapest Chinese Stuff is full of it (Score:3)
Look, if you buy the Cheapest Chinese hardware, you're getting what you paid for. They're not making much money on the hardware, so malware (adware) is where they make some more money.
There are many groups who are incentivized to do this:
- The original manufacturer gets paid to add it.
- Chinese govt. 'encourages' you. Okay, you don't get paid.
- Some guy on the production line gets paid to add it.
- The 3rd party company that makes the firmware for the hardware company gets paid to add it.
- The 3rd party who is shipping you the phone if you're buying it from someplace like Ali Express.
Note that several of these can happen on the same phone - many of these phones come with multiple malware. And there's no penalty for it, so why not?
The US Govt actually paid for Virgin Mobile to send millions of cheap compromised Chinese malware phones (UMX U686CL) to low income people (who already have enough problems). You can't avoid it.
So at least pony up for the cheap stuff from a Korean, Japanese, or 'American' company. Some of those come compromised as well, but the odds are at least 10x better.
"May"? (Score:2)
Every single phone I have ever gotten came with preinstalled crapware you can't get rid of. If you know of one that doesn't, please tell me so because it's going to be my next phone.
Re: (Score:2)
The Google Pixel is something to look into. That, or if you are knowledgeable about rooting, an Exynos-based Samsung phone from Europe, as the US-made Snapdragons have locked down bootloaders, usually with no meaningful cracks.
Re: (Score:2)
Sorry, I don't have time to putz about with my phone just to get it to work. Either it comes out of the box usable or it is unusable.
Not TV's. (Score:2)
>"Millions of Android Phones and TVs May Come with Preinstalled Malware"
No, it isn't TV's, they are cheap, no-name TV streaming boxes. Not at all the same thing.
Also, the few reports are on cheap, no-name, low-end phones. Examples offered, "Triada" models Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Never heard of any of that in my life. Never seen one, either. Another mentioned "BLU".... never heard of them or seen one. I am not saying it isn't a problem, but let's put it into perspective.
Any device with Windows11 (Score:3)
should be considered to contain malware, sharing all your information with Microsoft and a whole bunch of unspecified partners.