Your Android phones may contain malware out of the box
Cybersecurity researchers at Trend Micro have disclosed a widespread supply chain attack in which millions of Android devices were compromised before they ever left the factory: the malicious code is built into the firmware image the devices ship with.
The finding raises serious concerns about the security of Android smartphones, smartwatches, smart TVs and other smart devices. The attack primarily affects budget smartphones, but it has also reached other device types in the ecosystem.
Silent plug-ins are in your smartphones
The root of the problem is the intense price competition among original equipment manufacturers (OEMs), as Senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong explained during their presentation at a recent conference in Singapore. To cut costs, OEMs outsource the development of components such as firmware to third-party suppliers. As the price of mobile phone firmware has kept falling, those suppliers have struggled to make money from their products.
The result is a practice known as "silent plugins": the supplier quietly bundles malicious components into the firmware it delivers. Trend Micro's investigation found numerous firmware images containing malicious software, along with 80 different plugins. The plugins are part of a larger "business model" and are sold on dark web forums; some are even promoted on mainstream social media platforms and blogs.
Their capabilities include stealing sensitive information, intercepting SMS messages, hijacking social media accounts, committing ad and click fraud, manipulating web traffic, and more. Of particular concern is a plugin that gives the buyer complete control over a device for up to five minutes, effectively turning it into an "exit node": the buyer's traffic is routed through the victim's handset and appears to originate from its IP address.
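A practical first check on a device suspected of carrying such firmware-resident components is to inventory the packages that live on firmware partitions (/system, /vendor, /product, /odm) and see which of them request the permissions the capabilities above would need, such as SMS access, account access or boot persistence. The script below is an added example, not Trend Micro's tooling or anything from the article; it assumes the output of `adb shell pm list packages -f` (lines of the form `package:<apk path>=<package name>`) and of `adb shell dumpsys package <name>` (which contains a `requested permissions:` section), and the sample text embedded here is constructed for illustration.

```python
"""Triage firmware-resident Android packages for sensitive permissions.

Assumed workflow (an added example, not from the article): capture
  adb shell pm list packages -f        -> package:<apk path>=<package name>
  adb shell dumpsys package <name>     -> includes a "requested permissions:" section
and feed the captured text to triage().
"""
import re
from typing import Dict, FrozenSet, List, Tuple

# Partitions that ship with the firmware image; packages here were placed by
# the OEM/ODM or its firmware supplier, not installed by the user.
FIRMWARE_PARTITIONS = ("/system/", "/system_ext/", "/vendor/", "/product/", "/odm/")

# Permissions that map to the capabilities described in the article:
# SMS interception, account takeover and persistence across reboots.
SENSITIVE_PERMISSIONS = frozenset({
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.INSTALL_PACKAGES",
    "android.permission.RECEIVE_BOOT_COMPLETED",
})

_PERM_NAME = re.compile(r"^[\w.]+$")


def parse_pm_list(text: str) -> Dict[str, str]:
    """Map package name -> APK path from `pm list packages -f` output."""
    packages: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue
        # The path may itself contain '=' (e.g. /data/app/~~abc==/...),
        # so split on the last '=' only.
        path, pkg = line[len("package:"):].rsplit("=", 1)
        packages[pkg] = path
    return packages


def parse_requested_permissions(dumpsys_text: str) -> FrozenSet[str]:
    """Collect the permission names listed under 'requested permissions:'."""
    perms = set()
    in_section = False
    header_indent = 0
    for raw in dumpsys_text.splitlines():
        stripped = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        if stripped == "requested permissions:":
            in_section = True
            header_indent = indent
            continue
        if in_section:
            # The section ends at the next line that is not a more-indented
            # bare permission name (e.g. "install permissions:").
            if indent <= header_indent or not _PERM_NAME.match(stripped):
                in_section = False
                continue
            perms.add(stripped)
    return frozenset(perms)


def triage(pm_list_text: str, dumpsys_by_pkg: Dict[str, str],
           allowlist: FrozenSet[str] = frozenset()) -> List[Tuple[str, str, List[str]]]:
    """Return (package, apk path, sensitive permissions) for firmware packages.

    `allowlist` holds packages already vetted as legitimate (e.g. the stock
    telephony app), which are skipped.
    """
    findings = []
    for pkg, path in sorted(parse_pm_list(pm_list_text).items()):
        if not path.startswith(FIRMWARE_PARTITIONS) or pkg in allowlist:
            continue
        perms = parse_requested_permissions(dumpsys_by_pkg.get(pkg, ""))
        hits = sorted(perms & SENSITIVE_PERMISSIONS)
        if hits:
            findings.append((pkg, path, hits))
    return findings


# Constructed sample input (hypothetical package names, not real findings).
PM_LIST_SAMPLE = """\
package:/system/priv-app/Telephony/Telephony.apk=com.android.phone
package:/system/app/Updater/Updater.apk=com.example.updater
package:/data/app/~~abc==/com.example.game-1/base.apk=com.example.game
package:/vendor/app/Helper/Helper.apk=com.example.helper
"""

DUMPSYS_SAMPLES = {
    "com.android.phone": "  Package [com.android.phone] (1a2b3c):\n"
                         "    requested permissions:\n"
                         "      android.permission.INTERNET\n"
                         "      android.permission.RECEIVE_SMS\n"
                         "      android.permission.SEND_SMS\n"
                         "    install permissions:\n"
                         "      android.permission.INTERNET: granted=true\n",
    "com.example.updater": "  Package [com.example.updater] (4d5e6f):\n"
                           "    requested permissions:\n"
                           "      android.permission.INTERNET\n"
                           "      android.permission.RECEIVE_SMS\n"
                           "      android.permission.READ_SMS\n"
                           "      android.permission.RECEIVE_BOOT_COMPLETED\n",
    "com.example.game": "  Package [com.example.game] (7a8b9c):\n"
                        "    requested permissions:\n"
                        "      android.permission.READ_SMS\n",
    "com.example.helper": "  Package [com.example.helper] (0d1e2f):\n"
                          "    requested permissions:\n"
                          "      android.permission.INTERNET\n",
}

if __name__ == "__main__":
    for pkg, path, hits in triage(PM_LIST_SAMPLE, DUMPSYS_SAMPLES,
                                  allowlist=frozenset({"com.android.phone"})):
        print(f"{pkg} ({path}): {', '.join(hits)}")
```

On the constructed sample this reports only `com.example.updater`: the game package requests SMS access but lives under /data (user-installed, so outside the firmware question), the vendor helper requests nothing sensitive, and the stock telephony app is excluded by the allowlist. A hit is a lead for manual review of the APK, not proof of malware; OEM-legitimate packages also need these permissions, which is why the allowlist exists.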
Nearly nine million devices suspected
Trend Micro's analysis indicates that nearly nine million devices worldwide have fallen victim to the supply chain attack, most of them in Southeast Asia and Eastern Europe. The researchers refrained from explicitly naming the perpetrators,
although China was mentioned several times, leaving room for speculation about the origin of the attack. It is possible that Google was slow to recognise problems of this kind; separately, 11 applications found to be malware were recently removed from the Play Store. Play Store enforcement does not reach this class of threat, however: firmware-resident packages arrive in the device's system image rather than through the store, and the user usually cannot remove them without root access.