This article was published 2 years ago

While there have been frantic launches of low-cost Android devices from hundreds of companies globally, the dangers of such an uncontrolled, mostly unregulated hardware push have started to come to light. One such danger has surfaced in a recent study that has exposed a hidden menace lurking within the realm of affordable Android phones and smart TVs. Researchers have discovered that many lesser-known brands, popular for their low-cost offerings and owned by millions of users, have come preinstalled with malicious software.

According to a report by security firm Trend Micro (which was presented at the Black Hat Asia conference), researchers discovered malware pre-loaded on numerous Android devices – including budget smartphones and smart TVs – that is capable of launching coordinated cyberattacks. Researchers from security firm Sophos named the malware Guerrilla, discovering it in 15 malicious apps that were available on the Google Play Store. The malware, according to researchers, collected user data that could be sold to advertisers, and could even install aggressive ad platforms that deplete battery reserves fast.

Trend Micro noted in its report that the US had the highest concentration of such infected phones, followed by Mexico, Indonesia, Thailand, and Russia. The Guerrilla malware came pre-installed on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes across the globe, highlighting the vast reach of the Lemon Group – as Trend Micro calls the threat actor – across various markets.

“The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud,” Trend Micro researchers said in their report.

The China-based AllWinner and RockChip are far from being household names, but both of them have a fairly large presence on Amazon and are known to power popular Android TV boxes that are sold on the e-commerce platform. The smart TVs in question seem to be a good catch at first glance – they are pocket-friendly, come with impressive features and streaming services, and Amazon shows that they have good reviews.

It is thus a surprise that an investigation by cybersecurity researcher Daniel Milisic discovered that the popular Android TV boxes sold by brands such as AllWinner and RockChip come pre-loaded with malware. Milisic bought an AllWinner T95 set-top box last year and discovered that the chip’s firmware was infected with malware, and that it communicated with command-and-control servers and connected to a larger botnet of thousands of other malware-infected Android TV boxes across the globe.

His findings were later confirmed by Bill Budington, a researcher at the Electronic Frontier Foundation.

The implications of this preinstalled malware are far-reaching and worrisome. Millions of users who purchase these low-cost devices unknowingly expose themselves to various security risks, including data theft, unauthorized access to personal information, and potential financial losses. Additionally, this malware can compromise user privacy by collecting sensitive data without users' knowledge, leaving them vulnerable to identity theft and other cybercrime.

The revelation of preinstalled malware on low-cost Android phones and smart TVs serves as a crucial wake-up call for consumers to remain vigilant. It emphasizes the need for thorough research and scrutiny when purchasing devices, especially from lesser-known brands or unverified sellers. Users need to prioritize devices from reputable manufacturers and always opt for official distribution channels to minimize the risk of encountering preinstalled malware. Addressing this issue requires a collaborative effort from device manufacturers, app stores, and regulatory bodies.

Manufacturers need to implement rigorous security measures during the production process to ensure that their devices are free from malware before reaching the market. App stores must strengthen their screening processes to prevent the inclusion of apps that facilitate preinstalled malware. Furthermore, regulatory bodies should establish stricter guidelines and standards for device manufacturers to safeguard consumer interests.