Researchers from a mobile security management platform have detected pre-installed malware on Android devices manufactured by giants like Asus, Samsung, Motorola, and LG Electronics, according to reports.
David Jevans, CTO and founder of Marble Security, said his company has found rogue software posing as a Netflix application that was shipped with the new devices, and that the malicious agent is designed to pilfer sensitive user information and exfiltrate it to Russia.
The company became aware of the malicious application after being alerted by a potential customer who thought the company’s security offerings were faulty after repeatedly identifying the supposed Netflix app as being malicious.
“They basically said ‘Your stuff doesn’t work’. It thinks Netflix is malicious,” said Jevans. “We’re like, yeah, this isn’t the real Netflix. You’ve got one that has been tampered with and is sending passwords and credit card information to Russia.”
Though not a common occurrence that new devices are shipped with malware pre-installed, this is not the first such case. Lookout Mobile Security said they have identified several instances in the past where malware showed up on new phones, including a variant of malware on devices imported from China.
“We can say that we’ve seen malware authors target device supply chains as a way to install malware in a device before it ends up in the hands of a customer,” Lookout’s Marc Rogers said.
The device manufacturers deny any knowledge of the malware infecting devices pre-sale. “If there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners,” said Samsung’s Jessica Baker.
Read More Here…