Pre-installed malware stealing data from Android mobiles

The malware added to the devices' ROM could not be removed by the users, therefore, the devices had to be re-flashed.

Israel-based cyber security firm Check Point has detected a malware that is not downloaded due to users' use but is already present in Android device.
According to a company blog post last week, the pre-installed malware was detected in 38 Android devices, belonging to a large telecommunications company and a multinational technology company.
"The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain," the company said.
The malware added to the devices' ROM could not be removed by the users, therefore, the devices had to be re-flashed.
The research team at Check Point found that one of the pre-installed malwares was Slocker, a mobile ransomware, that uses the Advanced Encryption Standard (AES) encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key.
"The most notable rough adnet which targeted the devices is the Loki Malware. This complex malware operates by using several different components; each has its own functionality and role in achieving the malware's malicious goal," the cyber security firm said.

These are the malware-infected devices that Check Point has named:

Galaxy Note 2
LG G4
Galaxy S7
Galaxy S4
Galaxy Note 4
Galaxy Note 5
Galaxy Note 8
Xiaomi Mi 4i
Galaxy A5
ZTE x500
Galaxy Note 3
Galaxy Note Edge
Galaxy Tab S2
Galaxy Tab 2
Oppo N3
vivo X6 plus
Asus Zenfone 2
LenovoS90
OppoR7 plus
Xiaomi Redmi
Lenovo A850
Pre-installed malwares steal data from the devices and are installed to system, taking full control of the device.
The cyber security firm suggested users to protect themselves from regular and pre-installed malware by implementing advanced security measures capable of identifying and blocking any abnormality in the device's behavior.

• MENA