
Hackers preinstall viruses in several Android phones

Ahh, the thrill of purchasing a new smart phone! Often, if you take your time to do some research online, you will be able to get more than what you were expecting in exchange for your money. Some people have gotten a bonus battery pack, a high-quality pair of headphones or a Bluetooth speaker, for example. However, for others, the "bonus" was an unexpected surprise: their new phones were shipped with preinstalled malware.

Almost 40 high-end smartphone models produced by Samsung, LG, Asus and Lenovo have been infected with viruses. Check Point, a well-known security firm, detected the malware on brand-new devices; the viruses had been installed straight to the ROM, even though they were not present in the official read-only memory image supplied by the manufacturer.

So, what happened? It looks like the malicious software was installed by hackers along the supply chain. Most of the malware consisted of programs that gather confidential information and then send it to their makers. In addition to this, a mobile ransomware version of Slocker, which uses the almost unbreakable AES encryption algorithm to scramble the content of all the files on the phone, has been detected as well. Loki Malware, a complex virus which uses various software components to display illegitimate ads and thus earn money for its creators, has also been detected.


Since all these viruses were installed to the ROM, they couldn't be removed without flashing the operating system. Sadly, this means that non-techies were unable to figure out what happened, and what they can do to fix the problem.
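The infected phones carried software that was missing from the manufacturer's official image, so one way to spot this kind of tampering is to compare the packages on the read-only partitions with the list from that image. The following is an added example, not code from Check Point or from the original article; it assumes you have a baseline package list for the official image and the text output of `adb shell pm list packages -f`, and all package names in it are hypothetical.

```python
# Added example: compare packages on a device's read-only partitions against
# the package list of the manufacturer's official image (assumed available).
# Input is text captured with:  adb shell pm list packages -f

# Partitions that a factory reset does not wipe.
ROM_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/")


def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Line format is package:<apk path>=<package name>. The path itself may
        # contain '=' on newer Android releases, so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def unexpected_rom_packages(device_listing, baseline_names):
    """Packages living on a read-only partition that the baseline lacks."""
    found = parse_pm_list(device_listing)
    return sorted(
        (name, path)
        for name, path in found.items()
        if path.startswith(ROM_PREFIXES) and name not in baseline_names
    )


# Constructed sample data; package names are hypothetical placeholders.
BASELINE = {"com.android.settings", "com.android.phone", "com.vendor.camera"}
DEVICE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/system/app/VendorCamera/VendorCamera.apk=com.vendor.camera
package:/system/priv-app/SysUpdater/SysUpdater.apk=com.example.sysupdater
package:/data/app/~~Zm9v==/com.example.game-YmFy==/base.apk=com.example.game
"""

if __name__ == "__main__":
    for name, path in unexpected_rom_packages(DEVICE_LISTING, BASELINE):
        print(f"not in official image: {name} ({path})")
```

A name-based comparison only catches packages that were added; it does not detect an official package whose APK was replaced, which would require comparing file hashes or signing certificates as well.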

The article mentioned above also lists the phone models that have been affected; the list includes Galaxy Note 2, Galaxy Note 4, Galaxy Note 8, LG G4, Galaxy S7, Asus Zenfone 2, Lenovo S90, and many more. Hopefully, if you own one of these phones, you haven't purchased a device from one of the affected batches.

But what can we do to stay safe in the first place? Frankly, there are very few precautions that you can take to keep your phone clean if it's been infected somewhere along the supply chain. In this case, the only solution is to reflash the ROM using an officially signed version of the Android operating system.

Often, people purchase virus-free smartphones from official stores. So, to minimize the risks, be sure to get a new phone from one of the official distributors.

Then, ensure that you are only downloading applications from trusted app stores. It is often tempting to install an APK from an obscure website because you won't have to pay any money for that particular app or game. However, those applications are often infected with viruses that may either make you lose all the data on your phone, or render it useless.

If you use your smartphone to access the Internet (and who doesn't do that these days?), you should only visit trusted websites. Often, shady websites will include malware code that can install viruses on your device.

Don't forget to update the operating system as soon as a new patch is released; by doing this, you will have the chance of wiping out any piece of malware that may have been installed without you knowing about it.

Do your research, and then install a mobile antivirus that has gotten great ratings in the app store. It is quite sad, but some antivirus manufacturers create great products, and then they get greedy and load them with bloatware that will slow down your phone and/or bombard you with pop-ups that encourage you to purchase "complementary" security solutions and add-ons. Still, if you take the time to read as many user reviews as possible, you should be able to pick up a product that's both effective and lightweight.