It’s one thing to accidentally install malware onto your phone, but having the virus arrive with the phone is a different problem. Security company Check Point has discovered 38 Android devices with malware inserted after the they left the factory.
These 38 devices aren’t from low budget OEMs, but instead include major manufacturers like Oppo, Xiaomi, and Samsung. In fact most of the devices happen to be former Samsung flagship smartphones.
Check Point says that the insertion of the malware appears to have happened somewhere along the supply chain. Since the problems were not present in ROMs provided by the manufacturers. In other words, someone has been tampering with the phones while they were in transit.
Most of the malware appeared in the form of relatively harmless ad networks. However, there were also samples of data-stealers and one instance of mobile ransomware. Yes, some unlucky customers were treated to ransomware right out of the box.
It should be noted that these 38 devices were not exactly sold on the open market. The samples come from two companies. Check Point did not reveal which these were, but instead said that they were “a large telecommunications company and a multinational technology company.”
[Source: Check Point]