Millions of Android Devices Infected with Pre-Installed Malware Due to Supply Chain Attack, Trend Micro Reveals
World News, May 14, 2023. In a worrying development for Android users, cybersecurity researchers from Trend Micro have discovered that millions of Android devices, including budget smartphones, smartwatches, and smart TVs, are being shipped with pre-installed info-stealer malware due to a supply chain attack.
This is attributed to the fierce competition among original equipment manufacturers (OEMs) and third-party firmware suppliers offering their products at lower prices. The malware, which is capable of stealing sensitive information and SMS messages and of taking control of social media accounts, is sold on the dark web and marketed on mainstream social media platforms and blogs.
The root of the problem, according to senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong, is the brutal competition among original equipment manufacturers (OEMs). Smartphone makers aren’t making all of the components themselves, with firmware being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products. As a result, Yarochkin explained, the products started coming with a little unwanted extra in the form of “silent plugins.”
Looking for malicious software, Trend Micro found “dozens” of firmware images and 80 different plugins. Some plugins were part of a wider “business model,” the researchers said, and were sold on dark web forums and even marketed on mainstream social media platforms and blogs. These plugins are capable of stealing sensitive information from the device, stealing SMS messages, taking control of social media accounts, using the devices for ad and click fraud, abusing the traffic, and much more. One of the more serious problems, as The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes and use it as an “exit node.”
The prevalence of this pre-installed malware is a cause for concern, particularly as it is affecting budget devices. Many users who purchase these devices may not have the technical knowledge or resources to remove the malware, leaving them vulnerable to data theft and other cyberattacks.
This incident also highlights the need for increased security measures in the supply chain. With so many components being outsourced to third-party suppliers, it is becoming increasingly difficult to monitor the security of the entire supply chain. As the cost of components continues to decrease, OEMs must ensure that security is not being compromised in the pursuit of profit.
In response to this incident, Trend Micro has provided some recommendations for users. They advise users to research the manufacturer and device before making a purchase, to install a reputable security app on their device, and to use caution when downloading apps from unverified sources. Additionally, users should keep their device’s firmware up to date and consider resetting their device to its factory settings if they suspect that it may be infected with malware.
Overall, this incident serves as a reminder of the importance of maintaining good cybersecurity practices and the need for increased vigilance in the face of evolving threats. With the continued growth of the Internet of Things (IoT) and the increasing dependence on connected devices, it is more important than ever to ensure that devices are secure and protected from cyber threats.