Wednesday, December 25, 2024
HomeComputer SecurityBeware of Pre-Installed Mobile Malware in Device System Level Before Shipping

Beware of Pre-Installed Mobile Malware in Device System Level Before Shipping

Published on

SIEM as a Service

A new landscape study states that an upcoming mobile devices may comes with per-installed mobile malware along with malicious code in it.

Per-installed malware means that the mobile device already installed with malicious code in system level that cannot be removed easily.

There are two types of pre-installed malware that is based on the apps location which is one of the important aspects of the apps.

- Advertisement - SIEM as a Service

1 ./system/app/ – The apps which is posted in this location something that you’re regularly using such as, camera, FM, video player and photo viewers etc

2. /system/priv-app/ – This is very important app location and most of the important apps such as settings and system UI, which include the functionality for the back/home buttons on Android devices reside in it.

The First location let allow users to uninstall some apps easily but the second location will not allow users to uninstall the apps without breaking the core essential.

In this case, latest preinstalled malware that reside in the /system/priv-app/ that is quite difficult to remove it.

Pre-Installed Mobile Malware

THL T9 Pro, a device that contains pre-insalled Riskware that perform various malicious activities.

Researchers analyzed the code of this malware and confirmed that
 the well-known preinstalled malware Adups.

This Malware infects the system UI and repeatedly installs variants of Android malware to eventually steal the sensitive information.

Another device is UTOK Q55 that infect with Potentially Unwanted Programs (PUPs) monitoring apps that collect and report sensitive information from the device.

“This particular Monitor app is hardcoded in the highly-important Settings app. In effect, the app used to uninstall other apps would need to be uninstalled itself to remediate—pure irony.”

According to malwarebytes Currently, the best method to deal with these infections is to:

  1. Stay away from devices with these infections. Here are the manufacturers/models we have seen so far that have been impacted:
    • THL T9 Pro
    • UTOK Q55
    • BLU Studio G2 HD
  2. If you already bought one, return the device.
  3. If you already bought the device and can’t return it, contact the manufacturer.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Torii Botnet – A New Sophisticated IoT Botnet Attack in Wide – More Powerful Than Mirai

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitve Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from...

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating...

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability...

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...