1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Millions of Android phones are shipping with malware already inst

    From TechnologyDaily@1337:1/100 to All on Sat May 13 13:15:03 2023
    Millions of Android phones are shipping with malware already installed

    Date:
    Sat, 13 May 2023 12:04:30 +0000

    Description:
    Cutthroat competition among Android firmware makers results in some unwanted extras.

    FULL STORY ======================================================================

    Cybersecurity researchers from Trend Micro have discovered a worrying supply chain attack in which millions of Android devices are infected with infostealer malware before they even make it out of the factory.

    The affected device are mostly budget smartphones , but the attack also spilled into smartwatches, smart TVs, and other smart devices.

    Senior Trend Micro researcher Fyodor Yarochkin, and his colleague Zhengyu
    Dong recently spoke about this issue at the conference in Singapore, noting the root of the problem stems from brutal competition among original
    equipment manufacturers. Silent plugins

    As it turns out, smartphone makers arent making all of the components. Firmware, for example, is being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products.

    Hence, Yarochkin explained, the products started coming with a little
    unwanted extra in the form of silent plugins. Trend Micro found dozens of firmware images looking for malicious software, and 80 different plugins.
    Some plugins were part of a wider business model, the researchers said, were sold on dark web forums, and even marketed on mainstream social media platforms and blogs. Read more

    This dangerous Android malware is seeing a huge rise in infections


    Dangerous new 'Hook' Android malware lets hackers remotely control your
    phone


    Check out the best ransomware protection software right now

    These plugins are capable of stealing sensitive information from the device, steal SMS messages, take control of social media accounts, use the devices
    for ad and click fraud, abuse the traffic , the list goes on. One of the more serious problems, The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes, and use it as an exit node.

    Trend Micro says the data suggests that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers didnt want to name the perpetrators, but they did mention China a few times, the
    publication concluded. Here are the best ID theft protection options around

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/millions-of-android-phones-are-shipping-with-ma lware-already-installed


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)