Millions of new Android phones are preinstalled with malware

Tens of millions of Android Phones come preloaded with dangerous malware before being sold, according to Google's security research team.

There is a lot of information about millions of malicious applications installed from Play Store, but this risk is much more shocking. People often believe that the new smartphones in the box are safe. However, some malware has been preinstalled on smartphones before being sold, to take advantage to display ads, steal information, or even take control of the device.


Maddie Stone, a security researcher of Google Research Zero, shared her team's findings at Black Hat on August 8. She warned: "If malware or security issues come as preinstalled apps, then the damage it can do is greater, and that's why we need so much reviewing, auditing, and analysis."

The risk comes from Android's open source project (AOSP), which Google allows to use the Android operating system at a low or free cost. AOSP is often used for low-cost smartphones, and manufacturers choose this way to reduce product's costs. Meanwhile, bad guys only need to compromise with manufacturers using their applications to profit instead of trying to lure thousands of users.


This Google group did not disclose any details about the related smartphone brands, but more than 200 phone manufacturers were found to be maliciously installed to allow hackers to attack remotely.

Android is an open operating system, very good for customizing software and installation, but it is very harmful when hackers also seize this opportunity to disguise malware alongside basic software on devices. Many new smartphones are installed to 400 applications before being launched, so many malicious applications are often ignored during censorship.


Google warns about two special strains of malicious code named Chamois and Triada. Chamois is responsible for displaying advertisements, downloading background apps and plugins, even sending high-cost messages. Only Chamois has been found pre-installed on 7.4 million devices. Triada is another variant of malware, also to display ads and install malicious applications.


Google said it conducted a screening campaign from March 2018 to March 2019, helping to reduce the Chamois-contaminated devices from 7.4 million to 700,000. However, according to Stone, the Android ecosystem is very large with a variety of OEMs, so the risks to users are unavoidable. Meanwhile, common advice applies around downloading and installing apps from the Play Store. Doubt does not annoy users when the application comes from an unknown source. However, not many users can do anything if those threats are preinstalled. Therefore, the security team needs to rely on manufacturers to do right and follow Google's advice in screening software to eliminate those risks.

By: Mithrine Smith

Videos | Jokes | Travel | Insurance | Technology | Food | Life | Fashion | Beauty | Entertainment