List of Android Devices Found Containing CIA Malware

 

A list of malware-infected Android devices has been released, after a commercial scanner found instances of malware preinstalled on 38 devices.
The find came days after WikiLeaks revealed that the CIA routinely hacked smartphones, infecting them with malware in order to spy on the American public.
According to a blog post published by Check Point Software Technologies, malicious code was found preinstalled on various Android devices that had not been put there by the original phone manufacturers.

Marygreeley.com reports:

In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.
“This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it,” Check Point Mobile Threat Researcher Daniel Padon said. “This should be a concern for all mobile users.”

Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed Loki, gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as Slocker, which uses Tor to conceal the identity of its operators.
The infected devices included:
– Galaxy Note 2;
– LG G4;
– Galaxy S7;
– Galaxy S4;
– Galaxy Note 4;
– Galaxy Note 5;
– Galaxy Note 8;
– Xiaomi Mi 4i;
– Galaxy A5;
– ZTE x500;
– Galaxy Note 3;
– Galaxy Note Edge;
– Galaxy Tab S2;
– Galaxy Tab 2;
– Oppo N3;
– Vivo X6 plus;
– Asus Zenfone 2;
– Lenovo S90;
– Oppo R7 plus;
– Xiaomi Redmi;
– Lenovo A850.

Check Point didn’t disclose the names of the companies that owned the infected phones. An earlier version of the Check Point blog post included Nexus 5 and Nexus 5x, but those models were removed without explanation in an update.
Padon said it’s not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn’t know where the infected phones were obtained. One of the affected parties was a “large telecommunications company” and the other was a “multinational technology company”.

Here we go again

This isn’t the first time Android phones have been shipped preinstalled with apps that can surreptitiously siphon sensitive user data to unknown parties. Earlier on, researchers found a secret backdoor installed on hundreds of thousands of Android devices manufactured by BLU. A separate research team uncovered a different backdoor on more than 3 million Android devices from BLU and other manufacturers. In those cases, however, the backdoors were previously unknown, and, in the latter case, they were intended to deliver legitimate over-the-air updates.

Check Point’s report shows why it’s never a bad idea to scan a new Android device for malware, especially if the device is obtained through low-cost channels. Reputable malware scanners such as those from Lookout, Check Point, or Malwarebytes are all suitable. Most such apps can be used to scan a phone without having to pay a subscription. Although who sold or supplied the 38 phones Check Point found infected is unknown, another general rule is to avoid low-cost resellers. Instead, buy from a trusted store or website.

 

yogaesoteric
September 12, 2018
