Be careful if you have a recent device running Android! Researchers have discovered that millions of products have been infected with malware as soon as they left the factory. A disturbing discovery!

We are used to malware infecting our Android devices, since the Play Store is full of it, much more so than the App Store, but this goes a step further. At the Black Hat Asia 2023 conference, held from May 9 to 12, the cybersecurity firm Trend Micro explained that it had discovered that hackers have managed to infiltrate smartphone manufacturers in order to install malware on devices as soon as they are manufactured. The result: the firm estimates that about 8.9 million devices are infected with malware before they even go on sale. While smartphones represent the majority of affected devices, TVs, tablets and connected watches, all running Android, are also affected, particularly in Eastern Europe and South Asia. So be very careful if one of your devices comes from there!

Smartphones infected: more than 80 types of malware detected

Infected devices are usually entry-level, as manufacturers relocate production to cut costs, since these products require lower quality than more expensive ones. That is where the hackers got in: competition between distributors of firmware (the software embedded in hardware, which keeps it working properly and allows it to evolve, in particular via updates) has become so cutthroat that suppliers are turning to ever cheaper, and ever more dubious, companies. The latter take advantage of this to integrate silent proxy plug-ins, which are perfectly undetectable.

To put it simply, these plug-ins make it possible to “rent” restricted access time, 5 minutes maximum at a time, to criminal organizations, which are ready to pay enormous sums of money for it. They use that access to infect devices remotely and thus steal personal information (keystroke data, geographical location, IP address, etc.), spy on messages, take over social network accounts to distribute fraudulent advertisements, or even subscribe to premium services without the victims’ consent. The researchers analyzed these plug-ins and found no fewer than 80 pieces of malware!

Trend Micro lists at least ten infiltrated manufacturers, a number that could actually go up to forty. Although the company does not give names, it seems that the word “China” was spoken several times during its presentation, as reported by The Register. “While we know the people who make up the infrastructure for this operation, it is difficult to determine precisely how the infection was introduced into smartphones, as we do not know for sure when it entered the supply chain,” explains Fyodor Yarochkin, researcher at Trend Micro. “Major brands like Samsung and Google have done relatively well with their supply chain security,” he adds, however, before specifying that “for threat actors, this is still a very lucrative market”.
