Beware! 36 Android Smartphone Models Sold in India Have Pre-Installed Malware – Here is How To Remove it
In the past, many Android smartphones have been infected with spyware and mobile malware, but mostly after production, once the devices were on the market and in users' hands.
However, in an interesting turn of events, Check Point Software Technologies has published a report identifying around 36 Android-based smartphones that come with malware pre-installed. Yes, these smartphones were shipping with malware already on them!
According to the report, “The malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
What are these malware?
The research team at Check Point Software Technologies found malware on these Android smartphones that could cause the most problems for users. Since the malware runs in the background, the user usually doesn't even know it is there.
Most of the malware found to be pre-installed on the devices were info-stealers and rough ad networks, and one of them was Slocker, a mobile ransomware. Slocker uses the AES encryption algorithm to encrypt all files on the device and demands a ransom in return for the decryption key.
The most notable malware is the Loki malware. It displays illegitimate advertisements to generate revenue. As part of its operation, the malware steals data about the device and installs itself to the system, allowing it to take full control of the device and achieve persistence.
Here is a list of the smartphones affected:
Many Samsung devices are affected, namely Samsung Galaxy Note 2, Samsung Galaxy Note 3, Samsung Galaxy Note Edge, Samsung Galaxy S7, Samsung Galaxy S4, Samsung Galaxy Note 4, Samsung Galaxy Note 5, Samsung Galaxy Note 8.0, Samsung Galaxy A5, Samsung Galaxy Tab S2 and Samsung Galaxy Tab 2.
The other phones affected are Xiaomi Mi 4i, Xiaomi Redmi, ZTE x500, Oppo N3, Oppo R7 plus, Vivo X6 plus, Asus Zenfone 2, Lenovo S90, Lenovo A850 and LG G4. These smartphones are at risk of leaking user information in even the simplest ways.
Appendix 1 – List of malware APKs, Shas, and Affected devices
How to Remove the Malware?
Until you get a chance to remove the malware, you must take care over security while accessing websites and apps. It is advisable to download anti-virus and anti-malware software from the Google Play Store to monitor your smartphone and its use.
To completely get rid of the malware, if any, you must visit the nearest service centre of the smartphone brand you're using. The customer service personnel will reflash Android on your smartphone, so take a backup first if you want to keep your data.
This is quite unfair to customers, who expect to receive a smartphone that has no problems when it ships. User-installed malware can still be blamed on the user, but this kind of carelessness should not be expected from companies. These smartphone manufacturers should also issue a recall or offer a mobile health checkup to ensure users are protected.
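The following is an added example, not code from Check Point or from this article: it triages the output of `adb shell pm list packages -f` against a list of flagged package names and SHA-256 values, and reports whether each hit sits in a firmware partition (the case the report says needs a re-flash) or in user storage. The function names, sample paths and digests are constructed for illustration; real digests would come from the published report and from hashing the pulled APKs.

```python
import hashlib

# Firmware partitions: apps stored here cannot be uninstalled by the user.
FIRMWARE_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

def parse_pm_list(output):
    """Parse `pm list packages -f` lines into {package: apk_path}."""
    apps = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths on newer Android contain '=', so split on the LAST one.
        path, _, pkg = line[len("package:"):].rpartition("=")
        if path and pkg:
            apps[pkg] = path
    return apps

def triage(pm_output, apk_sha256, iocs):
    """Return findings for installed packages whose name is on the IoC list."""
    findings = []
    for pkg, path in sorted(parse_pm_list(pm_output).items()):
        if pkg not in iocs:
            continue
        digest = apk_sha256.get(pkg, "").lower()
        if not digest:
            verdict = "name-only"      # APK not pulled and hashed yet
        elif digest in iocs[pkg]:
            verdict = "hash-match"     # same build as the flagged sample
        else:
            verdict = "hash-differs"   # same name, different build
        # An updated system app also lists under /data/app; check `pm list packages -s`.
        findings.append({"package": pkg, "path": path, "verdict": verdict,
                         "user_removable": not path.startswith(FIRMWARE_PREFIXES)})
    return findings

# Constructed sample data; the digests are placeholders, not real IoCs.
BAD = hashlib.sha256(b"constructed-flagged-apk").hexdigest()
GOOD = hashlib.sha256(b"constructed-clean-apk").hexdigest()
SAMPLE_IOCS = {"com.example.loader": {BAD}, "com.changba": {BAD}}
SAMPLE_PM = """\
package:/system/priv-app/Loader/Loader.apk=com.example.loader
package:/data/app/~~Qx1==/com.changba-Zk2==/base.apk=com.changba
package:/system/app/Calc/Calc.apk=com.android.calculator2
"""
SAMPLE_HASHES = {"com.example.loader": BAD, "com.changba": GOOD}

for finding in triage(SAMPLE_PM, SAMPLE_HASHES, SAMPLE_IOCS):
    print(finding)
```

A package name alone is weak evidence, because a legitimate app can carry the same name as a flagged build; only a `hash-match` result ties an installed APK to a flagged sample.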
Source: Check Point