back to article Millions of mobile phones come pre-infected with malware, say researchers

Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia. This hardware is mainly cheapo Android mobile devices, though smartwatches, TVs, and other things are caught up in it. The gadgets have …

  1. Version 1.0 Silver badge
    Stop

    Common Original Visually Infected Devices - let's face it, the world would be strange if infected devices did not exist everywhere these days. It's horrible but malware and infectious everything is normal now. If I had one of these devices then I'd wear a mask and vaccinate it with a hammer.

    1. TheInstigator Bronze badge

      Best thing is to buy Western devices only

      1. Kapsalon

        What in heavens name is a Western device nowadays??

        1. Anonymous Coward
          Anonymous Coward

          A Stetson cowboy hat, obviously. And an AR15.

          :)

      2. DCdave
        Joke

        Western Digital don't make phones though

        Western Digital don't make phones though

      3. TheInstigator Bronze badge

        For those not in the know - I was being sarcastic af

        1. Michael Wojcik Silver badge

          New to online discourse, are you?

          No one but you knows whether you're being sarcastic. Some members of your audience may infer it (correctly or not), but the probability of that drops dramatically when your text is too short to provide any clues about tone.

          1. TheInstigator Bronze badge

            @Michael Wojcik I'm aware of this and it was deliberate ;)

  2. Julian Bradfield

    Not new

    This has been going on for a while, hasn't it? I got a cheap Nuu Android phone in 2018 that had baked-in malware. To be fair, Nuu did respond quite quickly.

    1. diodesign (Written by Reg staff) Silver badge

      Ugh, is anything really new?

      Yeah but Trend Micro's people say this is a growing problem, so in their eyes, it's getting worse or isn't going away. And reminding people of millions of infected devices seemed worth pointing out.

      Assuming TM is on the money.

      C.

  3. HappyDog

    Pot, kettle?

    "The objective of the malware is to steal info or make money from information collected or delivered."

    Is this not Google/Facebook/Twitter, Alphabet/Meta/Musk, (apologies for repeating myself there) USPs?

    No wonder they're upset!

    1. TheInstigator Bronze badge

      Re: Pot, kettle?

      but but but ... when the West does it, it's to ensure your safety and security!

      1. fidodogbreath

        Re: Pot, kettle?

        Username checks out.

      2. d2

        Re: Pot, kettle?

        geez, if ya'd put,'but but but ...it's to ensure your safety and security!... HA,ha' it would've been ace

      3. jnimmo

        Re: Pot, kettle?

        As someone living in an Anglo colony, I am DEEPLY CONCERNED about the Chinese spying on me.

        The Chinese government is clearly going to be the one that imposes a 'social credit' system, where my travel and ability to get business permits may be affected if I commit crimes like fraud or serious environmental pollution and don't pay the fines. In Australia.

  4. Ne0

    USA NSA injects malware into hardware while in transit through Singapore / Hong Kong; as revealed by Snowden.

    On the other hand, for ultra-cheap phones (below US$ 100) it's brand company may install adware to compensate for its cost.

    1. TheInstigator Bronze badge

      "USA NSA injects malware into hardware while in transit through Singapore / Hong Kong; as revealed by Snowden." - The West would never do this - it's illegal & immoral - things that the West does not and would not stoop to.

      Snowden's a traitor

      1. Wayland

        Nice bit of trolling. You got nearly everyone.

    2. ian 22

      What is the point in collecting IP from poverty-stricken users? Surely the posh class have more interesting data to hoover.

      1. Wzrd1 Silver badge

        What is the point in collecting IP from poverty-stricken users? Surely the posh class have more interesting data to hoover.

        Lessee, more users and hence more data for sale and capitalism 101, "Never say no! I don't want more money!".

        Hence, the saying, "Quantity has a quality all of its own".

  5. PhilipN Silver badge

    Imitating Nature - viruses everywhere - get over it

    Haven't come across the statistic for years but at one time it was reckoned a brand new computer plugged into the internet would get its first hostile attack in 20 minutes. Anyone know the latest?

    1. John Brown (no body) Silver badge

      Re: Imitating Nature - viruses everywhere - get over it

      I remember doing an XP install some years ago for a friend and, being used to working on my home network, behind a firewall, forgot to unplug his from the broadband router. It was infected before the install even completed! Fortunately, I caught it, unplugged it, started again and installed off line and got some AV and firewall started before re-connecting to the outside world. That was a an eye opener!

      1. Anonymous Coward
        Anonymous Coward

        Re: Imitating Nature - viruses everywhere - get over it

        I was going to say something similar. Back in 2000 I turned on logging for incoming connections on my router. After freaking out at the number of attacks happening every hour, I turned it back off; as long as my devices are on my side of the router, they don't have a public IP so those kinds of attacks just hit the router and die.

        1. Roland6 Silver badge

          Re: Imitating Nature - viruses everywhere - get over it

          > as long as my devices are on my side of the router, they don't have a public IP so those kinds of attacks just hit the router and die

          And yet there are people who will still tell you NAT doesn’t contribute to security…

        2. TheMaskedMan Silver badge

          Re: Imitating Nature - viruses everywhere - get over it

          "I was going to say something similar. Back in 2000 I turned on logging for incoming connections on my router."

          I was similarly freaked out while still on dial-up. I installed Zone Alarm, mostly our of interest, and was horrified by the number of incoming it detected!

      2. ThatOne Silver badge
        Happy

        Re: Imitating Nature - viruses everywhere - get over it

        > I remember doing an XP install some years ago for a friend

        Ah yes, heady times... Same here, I had finished the installation of XP for a family member and was downloading all the Windows Update patches, except I had already installed software which controlled which programs were allowed to run, and since it was still in the learning phase, it all of a sudden asked me if some strange alphanumerically named program located in /temp was supposed to start. Nothing was supposed to run at that point, I was still downloading stuff (back then Microsoft still bothered to tell you what it was doing, even to ask for your permission before doing something! Yes, yes, young people won't believe it...).

        That was the shortest time before attack I've witnessed. I prevented the program from starting, emptied the /temp folder, and that computer and its user lived happily ever after.

      3. TheMaskedMan Silver badge

        Re: Imitating Nature - viruses everywhere - get over it

        "It was infected before the install even completed!"

        Goodness, I'd forgotten about those fun and games. Infected before you could even do windows update or update the antivirus. Wasn't the thing called blaster, or something like that?

        I vaguely recall standing in a local purveyor of IT kit, now long defunct, and comparing notes with others over how many of those we'd seen that week while we waited for our orders to be picked. The exact numbers are lost in the hazy mists of time, but it was a LOT.

    2. Anonymous Coward
      Anonymous Coward

      Re: Imitating Nature - viruses everywhere - get over it

      It was about 30 seconds when I tried that in 2004.

  6. MachDiamond Silver badge

    Non-Google Android

    There is such a thing as a de-Googled phone. Apps won't run if they need the Great Satan to bounce your data to, but if you just need a phone and some basic functionality, getting a phone with Google uninstalled is an option. No hope for iPhone. I think I've had my phone out twice today for the calculator and naught else. It's been a slow week.

    1. Anonymous Coward
      Anonymous Coward

      Re: Non-Google Android

      Would like to know where we can get such things !

      Trying to turn off Google services is like playing minesweeper, except it could break your phone.

      1. Mr Dogshit

        Re: Non-Google Android

        https://volla.online/en/

        1. An_Old_Dog Silver badge

          Re: Non-Google Android - Volla - "Woah, Nellie!"

          At Volla's website, the first thing I noticed was their webpage trying to make my browser connect to Google (thank you, NoScript!).

          The second thing I noticed was a blurb at the bottom of the page telling me about cookies, anonymized data, etc. which had an [ACCEPT] button, but no [REJECT] button.

          Those are bad choices for a company which holds itself out as respecting and promoting their customers' privicies.

          1. d2

            Re: Non-Google Android - Volla - "Woah, Nellie!"

            the LongReach of the DoD...

      2. Roland6 Silver badge
        Joke

        Re: Non-Google Android

        > Would like to know where we can get such things !

        Huawei…

        1. Sir Sham Cad

          Re: Non-Google Android

          To be fair, with Huawei there's no need to wonder whether your phone is infected with malware or not.

          1. Wzrd1 Silver badge

            Re: Non-Google Android

            Fair enough, but Huawei would only pass along that which the PRC government already got from their OPM hack.

            Making me an entry for Guinness' world recordbook for the thickest boring file.

          2. jnimmo

            Re: Non-Google Android

            Yes. It isn't

      3. TheInstigator Bronze badge

        Re: Non-Google Android

        Hauwei

    2. jpennycook
      Black Helicopters

      Re: Non-Google Android

      I haven't used either, but https://lineage.microg.org/ and https://e.foundation/ claim to deliver de-Googled phones

  7. Anonymous Coward
    Anonymous Coward

    This has been going on for years with intel laptops.....

    They come pre-infected with windows :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: This has been going on for years with intel laptops.....

      As most of us know, it wasnt and still isn't just Intel devices.

      After Cyrix went byebye, AMD got in on the action too ;)

    2. doublelayer Silver badge

      Re: This has been going on for years with intel laptops.....

      However, you can erase them and install something of your choice, which wipes out not only the manufacturer's image and any bloatware, but also the operating system. You can start from scratch, or you could run a disinfecter over that image. Hey Google, can you explain how you saw that and somehow managed to go backward on security when the starting point was Windows before security features got added?

  8. mark l 2 Silver badge

    I got a Android phone from Amazon manufactured by Doogee which came with malware / adware preloaded back in 2017. They were clever in that it remained dormant for a couple of months before it activated so if you complained they could pass the buck as say you must have downloading a dodgy app which caused it. But it was definitely there from the beginning as their support forums where full of reports all saying the same thing, and identifying which preloaded apps where causing the issue.

    I managed to root the phone and remove the dodgy apps and installed Afwall to control where the phone was able to connect to.

    In my case it was obvious pop up ads, browser redirects etc that the phone was doing. But they could have just as easily installed a key logger or proxy server which i may have never known about, so I didn't trust the phone after that.

    1. Michael Wojcik Silver badge

      I got an Android phone from Motorola and it came with the Facebook app preloaded.

      1. M.V. Lipvig Silver badge

        I did as well, but the phone allowed me to remove it. I used to buy Samsung phones but the Bixby virus comes preloaded, can't be removed, and can't be shut completely off, and what you do shut off turns itself back on. So, no more Samsung phones. My Moto-G isn't as nice, but them it doesn't keep turning crap on when I turn it off.

  9. Roland6 Silver badge

    Time to name and shame..

    >” The team confirmed the malware was found in the phones of at least 10 vendors, but that there was possibly around 40 more affected.”

    The only way to minimise this for the testing to become formalised and part of the normal assessment of a reputable security testing lab. It won’t stop it but it will make it harder to selll outside of the pop up market stall.

    1. iron Silver badge

      Re: Time to name and shame..

      I couldn't name 10 Android manufacturers, let alone 40, and I'm an Android app developer.

      If you've never heard of the manufacturer before then they're probably on the list.

      Not on the list? Samsung, Sony, Google, Motorola, Oppo... basically the companies you've actually heard of before.

  10. Northern Lad

    No Malware On My Phone

    I have a google pixel phone, no bloat, no spyware, nobody spying on me.... ...oh...

  11. M.V. Lipvig Silver badge

    (rents my phone for 5 minutes)

    Aww man, what a waste of money! All he does is post to a tech site! No banking or nothing, not even Facebook!

  12. jnimmo

    Yes, it's called 'Facebook'.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like