
Millions of mobile phones come pre-infected with malware

Posted by COMPUTER1313@reddit | hardware | View on Reddit | 9 comments


m1llie@reddit

No hard info in this entire article? This is a pretty bold claim to be making without naming a single make/model of device that is supposedly infected.

Goovscoov@reddit

Technical overview: https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html

The full details were presented at BlackHat Asia 2023: https://www.blackhat.com/asia-23/briefings/schedule/index.html#behind-the-scenes-how-criminal-enterprises-pre-infect-millions-of-mobile-devices-31235

loser7500000@reddit

this is more just a fun anecdote and details are really fuzzy, but the 2016 Oppo I'm using came with Touchpal keyboard software bundled (and unremovable). Last year, it blew up that Touchpal was using a tab in the preinstalled browser and probably some OS witchcraft through their installed keyboard to create this stupid fucking "puzzle blocks" shortcut on the home screen every 2 minutes which took you to a comically dodgy apk website. I think I had that shortcut for 3 days or so before Oppo sorted it out

RedspearF@reddit

You can try removing the keyboard using adb though? And use a third party keyboard

loser7500000@reddit

I don't know how the adware worked, but the issue resolved as soon as that tab I mentioned was closed. I switched to Gboard years ago when the keyboard itself started showing ads (lol.) I should probably try adb but I'm lazy

COMPUTER1313@reddit (OP)

I did some looking around for older articles that specifically named models.

A 2017 article specifically called out affected phone models: https://www.theregister.com/2017/03/12/malware_infecting_androids_somewhere_in_the_supply_chain/

A 2018 article with more affected smartphone models, primarily low cost ones: https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over-40-models-of-low-cost-android-smartphones/

One specific Android TV box model that came with malware: https://www.bleepingcomputer.com/news/security/android-tv-box-on-amazon-came-pre-installed-with-malware/

conquer69@reddit

Why are you posting an article from 2017 as news OP?

COMPUTER1313@reddit (OP)

That article was citing a 2023 Blackhat conference.

> “What is the easiest way to infect millions of devices?” posed senior Trend Micro researcher Fyodor Yarochkin, speaking alongside colleague Zhengyu Dong at the conference in Singapore.

https://www.blackhat.com/asia-23/briefings/schedule/index.html#behind-the-scenes-how-criminal-enterprises-pre-infect-millions-of-mobile-devices-31235

COMPUTER1313@reddit (OP)

TLDR: Suppliers that provide firmware to the smartphone manufacturing production lines are intentionally adding in "extras".

> The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and used as monetization opportunities via adverts and click fraud.

...

> Through telemetry data, the researchers estimated that at least millions of infected devices exist globally, but are centralized in Southeast Asia and Eastern Europe. A statistic self-reported by the criminals themselves, said the researchers, was around 8.9 million.

And it's not just smartphones that are affected:

> This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it.