In the Google Play Store, you can often find apps that contain malware, adware, or spyware. Some of these apps are even labeled as spyware or malware. The fact that malware is installed through pre-installed apps is a less well-known fact; however, researchers are raising awareness regarding the increasing trend of malware targeting pre-installed software. Hackers only need to subvert one of the hundreds of apps included with millions of affordable Android phones to gain access to their data. It is imperative to realize, however, that managing the problem is significantly more difficult than handling rogue apps that find their way onto the Google Play Store in the first place.
In a recent report published at Black Hat Asia, Trend Micro researchers claimed that criminals had used malware to infect millions of Android devices. This was before the devices left the factories.
Hardware in this category focuses on Android mobile devices at lower prices. However, it includes smartwatches, televisions, and other products.
Microsoft researchers investigating counterfeit software in China found that machines booting for the first time were already compromised with botnet malware right out of the box. This was due to brand-new devices being plugged in for the first time.
A Chinese businessman is facing a lawsuit from Microsoft for using his domain name to commit computer fraud.
This lawsuit alleges that Nitol malware on the new computer systems points to 3322.org as the source of the compromise on the system. Several online activities are believed to be related to malicious activities and malware on this website, according to Microsoft. In addition to Nitol, Microsoft points out that the site is hosting 500 other types of malware. Reports have revealed that Microsoft has seen more malicious software stored in this repository than at any other time in history, according to a Washington Post story.
It is known that there have been many cases where devices have been received by customers with malware pre-installed as a part of the package. As a result of a Canadian security consultant's discovery of malware baked into the firmware of an Android TV box he purchased from Amazon, he decided to do some further research on it and found that it contained persistent, sophisticated malware.
Daniel Milisic found this malware, which can be nullified by a script and instructions he created. This script and instructions can be used by users to disable the malware's communications with the command and control server (C2) as well as disable the payload.
The devicebeing discussed here is the T95 Android TV box with a processor by AllWinner. This box is widely available on Amazon, AliExpress, and other major online stores.
A malicious component has been found on this individual device, but it is not clear if this malicious component has been found in all devices from this model or brand.
Original equipment manufacturers (OEM) are the companies that manufacture gadgets, and they outsource manufacturing. Researchers say that in the current manufacturing pipeline, organizations in the supply chain – for example, firmware suppliers – infect products with malicious code as they are shipped.
The problems could be much more serious and widespread if a virus is introduced into the device at the beginning of the manufacturing process. This could be done by a corrupt employee or a hacker when software is being uploaded or at some other early stage in the production process.
Due to the lack of transparency maintained by electronics makers and the companies they work with to build their products, it is virtually impossible to know how many devices have been sold or how viruses have spread with any degree of precision. There is no doubt that the numbers could be huge, given the nature of mass manufacturing.
Research conducted by Trend Micro has raised alarm about the increased trend of Android devices being sold with malicious software pre-installed, and they are warning users of the dangers associated with this. Malware embedded in system apps or device firmware can be challenging to identify and remove. This is even though you can easily remove an app downloaded from the Play Store.
“How can you infect millions of devices most quickly and easily?” was the question posed by Trend Micro researcher Fyodor Yarochkin at the conference in Singapore that he attended with colleague Zhengyu Dong.
As Yarochkin points out, infiltrating devices so early in their lifecycle is like putting a liquid in a tree: when the infection is put at the root of the tree, it spreads right out and into every single limb and leaf of the tree.
During the decline in the price of mobile phone firmware, the insertion of malware began to become more common. It got so intense that firmware providers could not charge a price for their products because the competition among firmware distributors became so intense
There has been an increase in pre-installed malware infections over the past couple of years, which Yarochkin says is partly due to the competition among mobile firmware developers to yield the cheapest product possible. Several developers started offering firmware for free on their websites once selling firmware became unprofitable.
In part, the concern comes from the way the preinstalled malware operates, or, more precisely, the depth to which it is embedded in the system. Fortunately, there is still a high chance that malware can be identified and removed by many security software packages. Despite this, malware threats that operate at the kernel level of an operating system, or the BIOS level on a PC, often remain undetected by most antimalware programs. This is due to their nature of functioning at a level far deeper than the operating system.
In the world of malicious software, there is money to be made. Criminals find several ways to spread malicious software. These methods can also prove clever and innovative. It is certainly possible to plant malware into laptops, smartphones, or tablets before they are even purchased, unboxed, and exposed to the public in the first place.
Against these threats, what steps can you take?
In the first instance, you should buy your PC, tablet, or smartphone hardware from a respected and established brand. This is when you buy a brand-name computer from HP, Dell, Acer, Sony, etc. There is a low chance of it coming with pre-installed malware out of the box; unless you take the risk.
A device with a high probability of being malware-free is an iPad, Nexus 7, or Kindle Fire if you purchase them from Apple, Google, or Amazon.
A PC or knock-off tablet purchased online from an unknown, shady site can be the victim of malware infection if you go bargain shopping.
You should not assume that your PC or mobile device is inherently safe and malware-free just because it is the first one you purchased.
Likewise, it might not be advisable to rely on any pre-installed security software, since you cannot verify that it is genuine and is free from malware in the first place.
To detect and identify any malware that may already be present on your machines, you should install a cross-device security tool that is reliable and able to detect malware.
