PDA

View Full Version : 38 Android devices infected with preinstalled malware



Seva
03-16-2017, 08:29 AM
Mobile devices made by well-known manufacturers were found to be infected with malware that had been installed on them at some stage of the supply chain.

Check Point Software Technologies said it found 38 Android smartphones infected with adware, data-stealing malware and ransomware. The set of malicious programs detected was as varied as the collection of compromised models.

Researcher Daniel Padon reported that the 38 smartphones belonged to Check Point customers: employees of an unnamed major telecommunications company and an unnamed multinational technology corporation. Padon declined to give any details about the victim companies.

The malware was placed on the devices before they reached their owners, and it was not part of the manufacturers' original ROM firmware. On six devices the malware had escalated to system-level privileges, and removing it required resetting the smartphone to factory settings.

"We were surprised to see such a variety of models; it seemed very strange," Padon said. "With such a variety of models, the question arises: how were they selected for the attack, and why did the attackers decide to target so many different devices?"

Padon suggested the devices could have been compromised at the point of sale where representatives of both companies bought them. All 38 units were cleaned of the malware, but the researcher is convinced that far more devices are infected in this way.

Padon said Check Point's analysis established when the original ROM firmware was installed and when the malware was introduced; the infection took place weeks, months and in some cases about a year before the user activated the device.

"It raises the question of a deliberate attack," Padon said. "You might expect a particular piece of malware to hit a particular device. But since we found different types of malware, maybe someone was just experimenting, or maybe it was an unrelated event. At the moment we can only speculate."

According to the researchers, six devices were infected with the Loki Trojan, which has been distributed through malicious ad networks for over a year. Loki survives a reboot, displays ads for click fraud, intercepts communications and exfiltrates data from Android devices. Some of the compromised devices were infected with the Slocker mobile ransomware, which encrypts all files on the device and uses the Tor network to communicate with its C&C server.

"The main problem is that in this case the risks of such attacks must not be underestimated," Padon said. "If an attacker has access to devices before they reach their owners, any company or user is at risk, even one who never clicked a suspicious link, never downloaded a phishing app and never opened a suspicious file."
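The two clues the article gives for spotting a supply-chain implant are that the malware was not part of the OEM's original ROM and that it landed on the device before the owner ever activated it. The script below, added here as an illustration and not Check Point's tooling or the original post's content, turns those two clues into a triage over the text that `adb shell dumpsys package` prints. It assumes the `Package [...]`, `codePath=`, `flags=[ ... ]` and `firstInstallTime=` fields of that output as found on Android of the 2016-2017 era; the package records, the OEM manifest and the activation date are constructed for the example, and the helper names are my own.

```python
"""Triage of `dumpsys package` output for packages added in the supply chain.

Heuristic, example code (not Check Point's method):
  1. a package living under /system or carrying the SYSTEM flag that is
     absent from the OEM's known-good manifest was added after the ROM build;
  2. a package whose firstInstallTime predates the day the owner first
     activated the device arrived before the owner ever touched it.
"""
import re
from datetime import datetime

# Constructed sample in dumpsys package format; names, paths and timestamps
# are made up for this example.
SAMPLE_DUMP = """\
Package [com.android.settings] (3f2a1b):
    userId=1000
    codePath=/system/priv-app/Settings
    flags=[ SYSTEM HAS_CODE PRIVILEGED ]
    firstInstallTime=2016-11-02 09:14:51
    lastUpdateTime=2016-11-02 09:14:51
Package [com.example.rotor.helper] (7c0d9e):
    userId=10042
    codePath=/system/app/RotorHelper
    flags=[ SYSTEM HAS_CODE ]
    firstInstallTime=2016-12-18 22:40:07
    lastUpdateTime=2016-12-18 22:40:07
Package [com.example.notes] (91ab44):
    userId=10051
    codePath=/data/app/com.example.notes-1
    flags=[ HAS_CODE ALLOW_BACKUP ]
    firstInstallTime=2017-03-05 11:03:19
    lastUpdateTime=2017-03-05 11:03:19
"""

# Constructed OEM manifest: packages the vendor's ROM is supposed to ship.
OEM_MANIFEST = {"com.android.settings"}

# Constructed: when the owner powered the device on for the first time.
ACTIVATED = datetime(2017, 3, 1, 8, 0, 0)

RECORD_RE = re.compile(r"^Package \[(?P<name>[^\]]+)\]", re.M)
FIELD_RE = re.compile(
    r"^\s+(?P<key>codePath|flags|firstInstallTime)=(?P<val>.+)$", re.M
)


def parse_dump(text):
    """Return {package_name: {field: value}} from dumpsys package output."""
    # re.split with one capture group yields [pre, name1, body1, name2, ...]
    parts = RECORD_RE.split(text)
    pkgs = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        pkgs[name] = {
            m.group("key"): m.group("val").strip()
            for m in FIELD_RE.finditer(body)
        }
    return pkgs


def is_system(fields):
    """System level: code sits on the /system partition or flags say SYSTEM."""
    path = fields.get("codePath", "")
    flags = fields.get("flags", "")
    return path.startswith("/system/") or " SYSTEM " in flags


def install_time(fields):
    """Parse the firstInstallTime field (local time, as dumpsys prints it)."""
    return datetime.strptime(fields["firstInstallTime"], "%Y-%m-%d %H:%M:%S")


def triage(text, manifest, activated):
    """Return {package: [reasons]} for every package that deserves a look."""
    findings = {}
    for name, fields in parse_dump(text).items():
        if name in manifest:
            continue  # shipped by the OEM; not a supply-chain addition
        reasons = []
        if is_system(fields):
            reasons.append("system-level package absent from OEM manifest")
        if "firstInstallTime" in fields and install_time(fields) < activated:
            reasons.append("installed before the owner first activated the device")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_DUMP, OEM_MANIFEST, ACTIVATED).items():
        print(pkg)
        for r in why:
            print("  -", r)
```

To use it against a real handset, capture `adb shell dumpsys package > dump.txt` and feed the file's contents to `triage()` together with the vendor's package list and the date the device was first booted. Treat a hit as a lead, not proof: the list is a heuristic, and a ROM that has already been tampered with at system level can lie to `dumpsys`, which is also why the article notes that a factory reset, not an uninstall, was needed to clear the six system-level infections.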