As far as what malware is installed exactly, it can vary. Some devices had malware that shows adverts such as the Loki malware. Other examples gleaned information from the user and sent it to a third-party server. Others acted as Android-specific ransomware. As such, there’s no single diagnosis or symptom you can give a newly-bought phone to tell if it has been pre-infected with malware or not.
How Did This Happen?
It’s distressing to hear that phones are now shipping with malware installed the moment you buy them! How did this even happen in the first place? How is it that malware is finding its way onto users’ phones before they even go online?
As for the report by Check Point, they state that the companies found to be selling malware-infected devices were “a large telecommunications company and a multinational technology company,” which doesn’t say much. However, it does mention that the malware attacks “… were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain.”
This means that the distributors of the phones were the ones adding the malware, not the manufacturers. A Samsung Galaxy phone infected with pre-installed malware wasn’t the fault of Samsung themselves, for instance. This creates a worrying scenario where customers can no longer be certain that their phone will remain untampered with from the factory line to the home.
How Do I Avoid It?
Now that malware is being spread onto phones before they’re even sold, the tried and trusted anti-malware advice won’t work against this new form of attack. Exercising caution over the apps you download, the websites you visit, and the links you click won’t help you avoid malware that’s already on your system since day one. There are some additional precautions you can take, however, to prevent being bitten by this bug.
First, make sure you purchase your devices from trusted resellers. This includes stores that are owned entirely by the people manufacturing the phone that you want, as well as highly respected and trusted network providers for your country. Purchasing a phone from less-reputable sellers runs the risk of having malware pre-installed on it.