Brand New Android Smartphones Coming with Spyware and Malware

Rafia Shaikh

When you buy a new phone, you expect it to be a clean slate in all ways. Apparently, that is not always the case. Malicious software targeting Android powered smartphones is on a rise, however, what is more alarming is the fact that some Android phones come to you packaged as new but filled with spyware and adware.

A new malware instance is discovered every 14 seconds in Android:

We see reports of malware attacking Android operating system almost as a daily ritual. While there may be some phishing attempts involved in many types of these attacks, a user cannot do anything if their smartphone is coming prepackaged with malware. Security research firm, G Data, has identified malware installed in over 20 newly bought smartphones. Xiaomi, Huawei, Lenovo, Xido are some of the affected brands that come with some kind of spy or adware pre-installed.

The malware is embedded in one of the legitimate apps that come with a new smartphone, such as the Facebook app. This app then not only is enabled to read and send text messages, but can also install other apps, collect call data, get location information, and record phone calls. Even if a user wants to get rid of the app, it would be impossible as these apps are part of the stock firmware. "You can't take it off there unless you unlock the phone," Andy Hayter of G Data said.

The infection doesn't appear to be occurring during manufacturing as it seems likely that "Somebody is unlocking the phone and putting the malware on there and relocking the phone," claims Hayter.

Many of these devices are sold by third parties in Europe and Asia making it easier for middlemen to install the malware. When G Data contacted Lenovo - whose Android S860 was found plagued with malware - the company responded that the device came from a third-party marketplace and the malware was installed by middlemen. "This is the only such occurrence we have been made aware of. We always recommend customers transact with authorized distribution channels and only accept merchandise that comes in an official box with original factory seals," explained Ray Gorman, executive director of external communication at Lenovo.

This is not the first instance of this kind of a malware attack, but is now being discovered in more brands and models. Earlier in 2014, G Data had also reported a malware disguised as Google Play Store in a Chinese manufacturer Star's N9500 model which reportedly sent the data to a server in China:

"Experts at the German security vendor have discovered a smartphone that comes with extensive spyware straight from the factory. The malware is disguised as the Google Play Store and is part of the pre-installed Android apps. The spyware runs in the background and cannot be detected by users. Unbeknownst to the user, the smartphone sends personal data to a server located in China and is able to covertly install additional applications."

The latest report from the same company claims that over 6,100 malware instances were discovered "per day" in the second quarter of 2015 which comes down to a new malware sample identified in the Android operating system, every 14 seconds.

Share this story