Your Android phones may contain malware out of the box
In a troubling discovery, cybersecurity researchers at Trend Micro have unveiled a widespread supply chain attack that has resulted in millions of Android devices being compromised before they even leave the factory.
This revelation raises significant concerns about the security of Android smartphones, smartwatches, smart TVs, and other smart devices. The attack primarily affects budget smartphones but has also infiltrated various other devices in the ecosystem.
Silent plug-ins are in your smartphones
The root of the problem lies in the intense competition among original equipment manufacturers (OEMs), as highlighted by Senior Trend Micro researcher Fyodor Yarochkin and colleague Zhengyu Dong during their presentation at a recent conference in Singapore. To reduce costs, OEMs outsource the development of components such as firmware to third-party suppliers. However, as the price of mobile phone firmware continues to decline, these suppliers have struggled to generate revenue from their products.
As a result, a disconcerting practice known as "silent plugins" has emerged. Trend Micro's investigation discovered numerous instances of firmware images containing malicious software, along with a staggering 80 different plugins. These plugins are part of a larger "business model" and are available for purchase on dark web forums. Some are even promoted on mainstream social media platforms and blogs.
Their capabilities include the theft of sensitive information, interception of SMS messages, hijacking of social media accounts, engagement in ad and click fraud, manipulation of web traffic, and more. Of particular concern is a plugin that grants the buyer complete control over a device for up to five minutes, effectively turning it into an "exit node".
9 million devices are suspected
Trend Micro's analysis indicates that nearly nine million devices worldwide have fallen victim to this supply chain attack. The majority of affected devices are concentrated in Southeast Asia and Eastern Europe, although the researchers refrained from explicitly naming the perpetrators.
However, China was mentioned multiple times, leaving room for speculation regarding the origin of the attack. Maybe it's all because Google was too late in recognizing such problems. Because 11 applications that were found to be malware in the Play Store were removed from the platform recently.
Advertisement
@Iron Heart, who has recently started to express his true feelings that “Google is great”, will probably self imply that this topic is also “not Google’s fault”. Ahahahaha
Don’t worry about plugins which can steal your data. Google already steals much more than all those plugins combined. Android is basically a total and complete spyware suite. This is why Google’s Android could never compete with battery & resource usage against any mainstream mobile OS.
“Your Android phones may contain malware out of the box”
..MAY?
All of them do. They contain malware from Google, Microsoft, Samsung, Meta etc etc. Google malware doesn’t control your phone for 5 minutes, it’s constant.
Exactly. That’s why I run GrapheneOS on my Pixel 7 Pro.
sadly thats doesnt help you a notch vs malware in the vendorrom partition. and theres all the firmware that run the actual devices like modem, screen, charger,gpu, etc.