Mar 13, 2017 06:04 AM EDT
Unavoidable Android Malware Infects 38 Phones: Personal Info Stolen From Even The Most Careful Users
A dangerous malware has infected 38 Android devices manufactured by two unidentified companies. The malware is alarming because it can still affect handsets even though the user doesn't come into contact with malicious links and apps.
The news came from Check Point Software Technologies, an Israeli software company that specializes in IT, mobile and network security. The malware didn't come alongside the phone makers' official ROM firmware, but it was put in place sometime along the supply chain.
Daniel Padon, a mobile researcher at Check Point, told Ars Technica that the malware can infect an Androd phone "even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app." And what's worse above it all is that users aren't aware that their phone is already swimming in the malware until it begins stealing personal information.
The affected Android phones are as follows: the Samsung Galaxy Note 2, Galaxy S7, Galaxy S4, Galaxy Note 4, Galaxy Note 5, Galaxy Note 8.0, Galaxy A5, Galaxy Note 3, Galaxy Note Edge, Galaxy Tab S2, Galaxy Tab 2, LG G4, Xiaomi Mi 4i, Xiaomi Redmi, ZTE x500, Oppo N3, OppoR7 Plus, Vivo X6 Plus, Nexus 5, Nexus 5X, Asus ZenFone 2, LenovoS90 and Lenovo A850.
Info thieves and programs use the malware to forcibly display ads on the affected phones. An ad-display app called "Loki," for instance, has access to the device's system, while "Slocker" keeps its operators' identities a secret. The user can't remove the malware unless the phone's firmware was reinstalled.
Check Point refused to name the manufacturers of the phones, but they hinted that one party was a "large telecommunications company" and the second one was a "multinational technology company."
Android users are advised to install malware scanners to prepare for possible threats such as this. Some trusted anti-malware softwares are Norton Mobile Security, MalwareBytes, Lookout and Kaspersky. For PCs, it's best to use BitDefender, Panda Free Antivirus, Ad-Aware and Spybot.
If a malware was discovered and cannot be removed by any of these scanners, users must consult with the phone's manufacturer to clean the device. Check Point also advised users to buy phones from trusted stores or retailers instead of resellers that offer them at a lower price point.
Android users have higher chances of downloading malware than Apple device owners. Earlier this month, cybersecurity firm Palo Alto Networks found 132 malware-infected Android apps on the Google Play Store. Android devices are hackers' favorite target because the OS is more undefended and adjustable than iOS.