Your Android phones may contain malware out of the box

Emre Çitak
May 15, 2023
Google Android

In a troubling discovery, cybersecurity researchers at Trend Micro have unveiled a widespread supply chain attack that has resulted in millions of Android devices being compromised before they even leave the factory.

This revelation raises significant concerns about the security of Android smartphones, smartwatches, smart TVs, and other smart devices. The attack primarily affects budget smartphones but has also infiltrated various other devices in the ecosystem.

Silent plug-ins are in your smartphones

The root of the problem lies in the intense competition among original equipment manufacturers (OEMs), as highlighted by Senior Trend Micro researcher Fyodor Yarochkin and colleague Zhengyu Dong during their presentation at a recent conference in Singapore. To reduce costs, OEMs outsource the development of components such as firmware to third-party suppliers. However, as the price of mobile phone firmware continues to decline, these suppliers have struggled to generate revenue from their products.

Android phones allegedly released on the market loaded with plugin malware

As a result, a disconcerting practice known as "silent plugins" has emerged. Trend Micro's investigation discovered numerous instances of firmware images containing malicious software, along with a staggering 80 different plugins. These plugins are part of a larger "business model" and are available for purchase on dark web forums. Some are even promoted on mainstream social media platforms and blogs.

Their capabilities include the theft of sensitive information, interception of SMS messages, hijacking of social media accounts, engagement in ad and click fraud, manipulation of web traffic, and more. Of particular concern is a plugin that grants the buyer complete control over a device for up to five minutes, effectively turning it into an "exit node".

9 million devices are suspected

Trend Micro's analysis indicates that nearly nine million devices worldwide have fallen victim to this supply chain attack. The majority of affected devices are concentrated in Southeast Asia and Eastern Europe, although the researchers refrained from explicitly naming the perpetrators.

However, China was mentioned multiple times, leaving room for speculation regarding the origin of the attack. Maybe it's all because Google was too late in recognizing such problems. Because 11 applications that were found to be malware in the Play Store were removed from the platform recently.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Anonymous said on May 16, 2023 at 1:53 am

    @Iron Heart, who has recently started to express his true feelings that “Google is great”, will probably self imply that this topic is also “not Google’s fault”. Ahahahaha

  2. The future is colonialism said on May 15, 2023 at 8:32 pm

    Don’t worry about plugins which can steal your data. Google already steals much more than all those plugins combined. Android is basically a total and complete spyware suite. This is why Google’s Android could never compete with battery & resource usage against any mainstream mobile OS.

  3. Malwart said on May 15, 2023 at 3:50 pm

    “Your Android phones may contain malware out of the box”

    All of them do. They contain malware from Google, Microsoft, Samsung, Meta etc etc. Google malware doesn’t control your phone for 5 minutes, it’s constant.

    1. Robert said on May 16, 2023 at 1:36 am

      Exactly. That’s why I run GrapheneOS on my Pixel 7 Pro.

      1. Anonymous said on May 19, 2023 at 2:24 am

        sadly thats doesnt help you a notch vs malware in the vendorrom partition. and theres all the firmware that run the actual devices like modem, screen, charger,gpu, etc.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.