This is certainly one of the most staggering discoveries in cybersecurity: millions of Android smartphones in circulation today were infected with malware from the moment they were manufactured. A total of 80 pieces of malware were unearthed by the researchers.
Malware may now be part of the landscape on Android, but some revelations still send shivers down your spine. The latest from Trend Micro undeniably falls into that category. According to the cybersecurity firm, hackers have managed to infiltrate smartphone manufacturers in order to install malware on devices as soon as they are manufactured. Today, millions of devices are already infected when they go on sale.
Smartphones represent a large majority of infected devices, but there are also TVs, tablets and connected watches, all running on Android. In most cases, these are cheap devices, whose manufacturers are pushed to relocate production in order to reduce costs. According to Trend Micro, it is precisely by using low-cost manufacturers that device makers have opened the way to hackers.
Millions of Android smartphones infected with malware right from the start
Hackers reportedly infiltrated the production chain, particularly at firmware suppliers. This access allowed them to introduce what Trend Micro calls “silent plug-ins”. These are perfectly undetectable by the average user. By analyzing these plug-ins, the researchers found no fewer than 80 pieces of malware.
Not all have been widely distributed, says Trend Micro. Still, they all have an impact, more or less considerable, on user security. Some are so effective that they are now resold on the black market, sometimes even on popular social networks such as Facebook and YouTube. The uses, meanwhile, vary depending on the malware.
Some act as proxies capable of monitoring the user's activity on the smartphone, in particular spying on SMS conversations in search of sensitive data, or even taking over the user's social network accounts to distribute fraudulent advertisements there. Hackers can also install a keystroke logger that allows them to recover passwords typed by the victim, or even analyze their geolocation and IP address.
In total, researchers estimate that 8.9 million devices are affected by this massive threat. These are mainly located in Eastern Europe and South Asia. They therefore call for caution when buying a new Android device, especially in terms of where it comes from.
As for who is behind this network, Trend Micro is more evasive. “While we know the people who make up the infrastructure of this company, it is difficult to determine precisely how the infection was introduced into smartphones, because we do not know for sure when it entered the supply chain,” said Fyodor Yarochkin, researcher at Trend Micro.
It remains to be determined which manufacturers have seen their production lines infiltrated. The cybersecurity firm lists at least ten of them, but specifies that the actual number of manufacturers concerned could climb up to 40. How, then, can you ensure that your smartphone and other devices are secure? Unfortunately, there is no secret: you have to reach for your wallet.
“Major brands like Samsung and Google have done relatively well with their supply chain security,” explains Fyodor Yarochkin, before specifying that “for threat actors, this is still a very lucrative market”. In other words, the most affordable manufacturers are the most likely to market infected devices without their knowledge.
Source: Black Hat Asia