[Updated] Security Research Firm GData Finds Over 20 Smartphones Pre-Installed With Malware



Update: Xiaomi representatives have got back to us and have clearly stated that they do not pre-install any kind of malware or adware on their phones. We have added the official statement from Xiaomi at the end of the article.

Update 2: Lenovo representatives have also got back to us regarding this. Their statement is reproduced at the end of the article.

We have traditionally believed that viruses and malware are something we introduce into our computers and mobiles as we use different websites, apps and services. However, what if the malware is pre-installed on your new smartphone?

This leaves very little in the way of defense and protection.

Germany-based, 30-year-old anti-virus company GData has conducted research into malware found on smartphones, and the results aren’t good.

GData found that specific smartphone models from Xiaomi, Lenovo and Huawei had malware pre-installed, with pre-authenticated permissions and access to play havoc with your smartphone.

Besides these three popular brands, smartphones from several other companies were also found to be laced with pre-installed malware.

Here is an excerpt of the infected models, derived from the full list:

[Image: Malware Handsets]

In 2014, GData had found that three smartphones, namely the Star N9500, Star N8000 and Icefox Razor, had malware pre-installed in their packed units. This created a furore among tech observers and the blogging community, and stricter measures to stop this evil practice were demanded.

However, this time GData has certainly stirred a hornet’s nest, as the top three Chinese mobile phone vendors, Xiaomi, Lenovo and Huawei, are directly mentioned in its report.

Modus Operandi

As per the report, such malware is hidden inside popular apps that work normally for the end user. However, behind the humble screens lies a great conspiracy to hack the users’ data.

The report said, “In the analysed cases, the malware is usually hidden in a legitimate app which is manipulated to contain malware as an add-on. The malware hides alongside the usual functions in the app. Users do not notice these add-on functions as the majority of the processes run in the background.”

Giving the example of Facebook, GData security analysts said that the hackers install hidden malware into the app in advance, of which the user is not aware.

Disguised Facebook App


Users will use the app as they normally would, but in the background the malware grants access to third parties without the users’ consent. When the researchers ran a security check on this Facebook app (which was found on one of the infected handsets), they located the malware: Android.Trojan.Andup.D.

Disguised Google Drive App


In the case of the Google Drive app, GData found the Android.Monitor.Gsyn.B malware on one of the offending handsets.

Here is a sample of the permissions that these apps have. Essentially they can do anything and everything: connecting to the internet, reading and sending SMSes, reading contacts and accessing location, among other things.

[Image: android permissions]

The worst thing is that such infected apps cannot be uninstalled, as they are fixed installations on the handset. A horror story turning into reality here.
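A defender-side triage of the two points above (broad permissions held by apps that sit on the system partition and so cannot be uninstalled), as an added example that is not taken from the GData report. The package names, the sample inventory and the `min_groups` threshold are constructed assumptions, and the input is a simplified listing modeled on `pm list packages -f` lines with each app's requested permissions beneath.

```python
import re

# Permission groups the article lists: internet, SMS, contacts, location.
P = "android.permission."
RISKY = {
    P + "INTERNET": "network", P + "READ_CONTACTS": "contacts",
    P + "READ_SMS": "sms", P + "SEND_SMS": "sms", P + "RECEIVE_SMS": "sms",
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
}
# Constructed sample inventory (hypothetical packages, simplified layout).
SAMPLE = """\
package:/system/app/SocialApp/SocialApp.apk=com.example.social
  android.permission.INTERNET
  android.permission.READ_SMS
  android.permission.SEND_SMS
  android.permission.READ_CONTACTS
  android.permission.ACCESS_FINE_LOCATION
package:/data/app/com.example.notes-1/base.apk=com.example.notes
  android.permission.INTERNET
  android.permission.READ_SMS
  android.permission.READ_CONTACTS
package:/system/priv-app/Dialer/Dialer.apk=com.example.dialer
  android.permission.READ_CONTACTS
"""
PKG_LINE = re.compile(r"^package:(?P<path>\S+\.apk)=(?P<name>\S+)$")
# Read-only partitions: apps here cannot be uninstalled by the user.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")

def parse_inventory(text):
    """Return one dict per package: name, APK path, requested permissions."""
    apps, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = PKG_LINE.match(line)
        if m:
            current = {"name": m["name"], "path": m["path"], "perms": set()}
            apps.append(current)
        elif current is not None and line.startswith(P):
            current["perms"].add(line)
    return apps

def audit(apps, min_groups=3):
    """Flag non-removable apps combining network access with other groups."""
    findings = []
    for app in apps:
        groups = {RISKY[p] for p in app["perms"] if p in RISKY}
        fixed = app["path"].startswith(SYSTEM_PREFIXES)
        if fixed and "network" in groups and len(groups) >= min_groups:
            findings.append((app["name"], sorted(groups)))
    return findings
```

A hit is a prompt for closer inspection rather than a verdict, since legitimate pre-installed apps can hold the same permissions.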

GData has specifically said that it’s the middlemen who infect these boxed handsets before delivery; it is highly unlikely that any reputed smartphone brand would ‘deliberately’ install malware on its own handsets.

However, the issue is the risk of such daring attacks, which a novice or first-time smartphone user won’t be aware of.

If dedicated middlemen are involved in this dirty business, we do not even know how to stop it.

You can access the complete report titled “G DATA MOBILE MALWARE REPORT. THREAT REPORT: Q2/2015” here.

Official Statement from Xiaomi

“The security report clearly states that middlemen are installing such malware and that manufacturers like Xiaomi are not at fault. Unauthorized retailers can inject malware into any device bought from an unofficial channel. This is why we strongly recommend buying Mi phones only through authorised channels such as Mi.com, Flipkart, Amazon or Snapdeal.”

Official Statement from Lenovo

“The report states that the malware was pre-installed in the firmware of the device and can’t be removed. This is incorrect information. The malware was found on a single Lenovo phone that was bought through a third party marketplace and was contained in an app that was likely added by a middleman and could easily be removed from the device.”

  1. Abdullah C says

    Not surprised to see Lenovo’s name in here. Search for “Superfish” – it was malware preinstalled on consumer laptops which would leave behind malicious certificates even after uninstallation.

  2. Sreekanth Yelicherla says

    How can a middleman install malware? Must be the OEM only. And that’s why I never like to buy phones from those Chinese companies!
