The security experts at Check Point have found 36 Android smartphones that were infected with malware before the user even opened the box. The malware might be used to display advertisements or it might encrypt the phone and hold your data hostage until you pay off the hackers. Neither are good news.
We don't know exactly where the malware came from, but we do know that it wasn't present in the vendor's official ROM—which refers the software that should be installed on the phone before it ships. That suggests the malware is added by a third party somewhere along the supply chain, between the phone leaving the manufacturer and arriving in your hands. One possibility is third party resellers, who may be no-name stores offering phones at very attractive prices.
Once you're suckered into buying one of these infected phones, you're stuck with malware you'll never have reason to suspect could be there. After all, you've never done anything wrong and your phone's behavior never changes.
Affected products include popular models from big brands, including Samsung and LG:
- Asus ZenFone 2
- Lenovo S90
- Lenovo A850
- LG G4
- Oppo N3
- Oppo R7 Plus
- Samsung Galaxy A5
- Samsung Galaxy Note 2
- Samsung Galaxy Note 3
- Samsung Galaxy Note 4
- Samsung Galaxy Note 5
- Samsung Galaxy Note 8.0
- Samsung Galaxy Note Edge
- Samsung Galaxy S4
- Samsung Galaxy S7
- Samsung Galaxy Tab 2
- Samsung Galaxy Tab S2
- Vivo X6 Plus
- Xiaomi Mi 4i
- Xiaomi Redmi
- ZTE x500
But if you have one of these phones, don't panic just yet—and if you don't have one of these phones, it's still too early to breathe a sigh of relief. Not all of these phones will have malware and some phones not on this list could have malware.
So what should you do to avoid malware?
Be careful where you buy your phone. Because this malware is being installed after the phone comes off the manufacturing line but before it's in your hands, be suspicious of sellers who aren't authorized resellers—they might be the source of malware. You should also always run an anti-virus program on your Android device to be sure you're malware-free, even right out of the box. We recommend Sophos Free Antivirus and Security, which has a great track record for detecting malware in real time.
[Image credit: troubles with smartphone via Shutterstock]