New Phones and PRE-INSTALLED Malware

You have a brand new phone from the shop and you are excited to start it up. This phone is everything you want and o course it is Malware free, well actually, surprisingly it may already be infected. So, you would assume the manufacturer is responsible for this act of treason.

The problems seem to be occurring with third parties buying the phones and selling them on. At this point, the original firmware is reprogrammed and the malware is placed in something like Facebook. There is very little you as a customer can do. You do not know that it is there, and even if you did there really is not much you can do about it as it is set in the firmware of the phone itself.

A few examples of pre-installed malware:

  • Android smartphones have been sold with pre-installed with a fake Netflix app that steals user credit card data.
  • Point-of-sale (POS) card readers have been delivered with pre-installed sniffer programs.
  • USB drives and cameras given out as gifts at trade shows have had pre-installed Trojans that enable remote access to the recipients’ computers.
  • SmartScreen in Windows 8.1 reportedly has pre-installed spyware that records every piece of software a user installs and has the capacity to disable software or hardware.
  • According to its own report, the NSA (National Security Agency) routinely intercept servers, routers and other devices being shipped overseas and builds backdoor surveillance technologies into them.


From Network World

Many of the suspect phones are sold in Asia and Europe through third parties or middleman and aren’t coming directly from the manufacturers, Hayter said.

Brands of affected phones include Xiaomi, Huawei, Lenovo, Alps, ConCorde, DJC, Sesonn and Xido.

G Data has contacted some manufacturers, including Lenovo, whose S860 Android smartphone in one instance was found to have the malware.

Ray Gorman, Lenovo’s executive director of external communications, wrote in an email that the device G Data analyzed came from a third-party marketplace. The malware was installed by middlemen, he wrote.

“This is the only such occurrence we have been made aware of,” Gorman wrote. “We always recommend customers transact with authorized distribution channels and only accept merchandise that comes in an official box with original factory seals.”

Article Bought a brand-new phone? It could still have malware