Friday, May 24, 2024

Beware of Pre-Installed Mobile Malware in Device System Level Before Shipping

A new landscape study states that an upcoming mobile devices may comes with per-installed mobile malware along with malicious code in it.

Per-installed malware means that the mobile device already installed with malicious code in system level that cannot be removed easily.

There are two types of pre-installed malware that is based on the apps location which is one of the important aspects of the apps.

1 ./system/app/ – The apps which is posted in this location something that you’re regularly using such as, camera, FM, video player and photo viewers etc

2. /system/priv-app/ – This is very important app location and most of the important apps such as settings and system UI, which include the functionality for the back/home buttons on Android devices reside in it.

The First location let allow users to uninstall some apps easily but the second location will not allow users to uninstall the apps without breaking the core essential.

In this case, latest preinstalled malware that reside in the /system/priv-app/ that is quite difficult to remove it.

Pre-Installed Mobile Malware

THL T9 Pro, a device that contains pre-insalled Riskware that perform various malicious activities.

Researchers analyzed the code of this malware and confirmed that
 the well-known preinstalled malware Adups.

This Malware infects the system UI and repeatedly installs variants of Android malware to eventually steal the sensitive information.

Another device is UTOK Q55 that infect with Potentially Unwanted Programs (PUPs) monitoring apps that collect and report sensitive information from the device.

“This particular Monitor app is hardcoded in the highly-important Settings app. In effect, the app used to uninstall other apps would need to be uninstalled itself to remediate—pure irony.”

According to malwarebytes Currently, the best method to deal with these infections is to:

  1. Stay away from devices with these infections. Here are the manufacturers/models we have seen so far that have been impacted:
    • THL T9 Pro
    • UTOK Q55
    • BLU Studio G2 HD
  2. If you already bought one, return the device.
  3. If you already bought the device and can’t return it, contact the manufacturer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Offering DDoS-for-Hire Service Powered by Bushido Botnet in Dark Web Markets

Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

Torii Botnet – A New Sophisticated IoT Botnet Attack in Wide – More Powerful Than Mirai

Website

Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles