Breaking

Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware -Google Warns


Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google's own security research team.



There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device.

Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices. New phones can have as many as 400 apps factory-installed, many of which we just ignore. But it transpires that many of those apps have not been vetted. The apps themselves will work as billed, providing a useful capability or service, so we can be forgiven for not considering the risk that might lurk within.

Google's Maddie Stone, a security researcher with the company's Project Zero, shared her team's findings at Black Hat on Thursday. "If malware or security issues come as preinstalled apps," she warned, "then the damage it can do is greater, and that's why we need so much reviewing, auditing and analysis."



The risk impacts Android's Open-Source Project (AOSP), a lower-cost alternative to the full-fat version. AOSP is installed on lower-cost smartphones where cheaper software alternatives help keep prices down. This means owners of Android-badged devices from the likes of Samsung and Google itself are safe from this particular risk.

For an attacker, Stone warned, the benefit of supply chain compromise is that they "only have to convince one company to include their app, rather than thousands of users." The Google team didn't disclose any details of the brands of phones involved, but more than 200 device manufacturers fell foul of the testing, with malware allowing the devices to be attacked remotely.

Forbes
Disclaimer
Most News articles reported on SSTNEWS are a reflection of what is published in the media. SSTNEWS is not in a position to verify the accuracy of daily news articles, however, we ensure that only news articles from credible sources are reflected in this service. Independent opinions which are mailed to us may also be published from time to time at our discretion, however the sources for these independent articles will be clearly stated.

Share your story with us: SMS: +2349067561649, Whatsapp: +2349067561649, Email: shockingstatementafrica@gmail.com or qubesentertainmentmagazine@yahoo.com
Receive Alerts on: Whatsapp: +2349067561649, Twitter: @sstnewsng