Sunday, April 13, 2025
Follow us On Linkedin
HomeComputer SecurityBeware of Pre-Installed Mobile Malware in Device System Level Before Shipping

Beware of Pre-Installed Mobile Malware in Device System Level Before Shipping

Computer SecurityMalware

Published on

By Balaji
Beware of Pre-Installed Mobile Malware in Device System Level Before Shipping

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A new landscape study states that an upcoming mobile devices may comes with per-installed mobile malware along with malicious code in it.

Per-installed malware means that the mobile device already installed with malicious code in system level that cannot be removed easily.

There are two types of pre-installed malware that is based on the apps location which is one of the important aspects of the apps.

- Advertisement - Google News

1 ./system/app/ – The apps which is posted in this location something that you’re regularly using such as, camera, FM, video player and photo viewers etc

2. /system/priv-app/ – This is very important app location and most of the important apps such as settings and system UI, which include the functionality for the back/home buttons on Android devices reside in it.

The First location let allow users to uninstall some apps easily but the second location will not allow users to uninstall the apps without breaking the core essential.

In this case, latest preinstalled malware that reside in the /system/priv-app/ that is quite difficult to remove it.

Pre-Installed Mobile Malware

THL T9 Pro, a device that contains pre-insalled Riskware that perform various malicious activities.

Researchers analyzed the code of this malware and confirmed that
 the well-known preinstalled malware Adups.

This Malware infects the system UI and repeatedly installs variants of Android malware to eventually steal the sensitive information.

Another device is UTOK Q55 that infect with Potentially Unwanted Programs (PUPs) monitoring apps that collect and report sensitive information from the device.

“This particular Monitor app is hardcoded in the highly-important Settings app. In effect, the app used to uninstall other apps would need to be uninstalled itself to remediate—pure irony.”

According to malwarebytes Currently, the best method to deal with these infections is to:

  1. Stay away from devices with these infections. Here are the manufacturers/models we have seen so far that have been impacted:
    • THL T9 Pro
    • UTOK Q55
    • BLU Studio G2 HD
  2. If you already bought one, return the device.
  3. If you already bought the device and can’t return it, contact the manufacturer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Torii Botnet – A New Sophisticated IoT Botnet Attack in Wide – More Powerful Than Mirai

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...
Android

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...
Cyber Attack

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...
cyber security

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Android

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...
Browser

TROX Stealer Harvests Sensitive Data Including Stored Credit Cards and Browser Credentials

Cybersecurity experts at Sublime have uncovered a complex malware campaign revolving around TROX Stealer,...
cyber security

GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks

The threat actor known as GOFFEE has launched a series of targeted attacks against...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved