Posted on May 24, 2023 at 5:36 PM

Android Smartphones And TV Boxes Come With Preloaded Malware

Android devices are vulnerable to security exploits. Over the years, cybersecurity researchers have detected multiple vulnerabilities in Android devices. While Google has been taking some steps to make its devices less vulnerable to security threats, Android smartphones, and TVs remain vulnerable.

Android Smartphones And TVs Contain Persistent Malware

One of the key factors that have triggered increased security threats on Android devices is the frequent detection of malicious applications on the Google Play Store. Moreover, the vulnerability of some of these devices comes from third-party manufacturers.

The frequent detection of malware on Android devices has resulted in damage to the reputation of the OS. Android users have always been on the lookout for these vulnerabilities, with the operating system now being ranked as less safe.

The reputation of the safety of Android devices could be damaged further after the recent report by ArsTechnica. Two studies conducted on the safety of Android devices found that millions of these devices were sold with pre-installed malware. The malware in question cannot be removed from these devices.

The first study on this malware was done by Trend Micro. The latter is a company that specializes in cybersecurity. The researchers at the company found that up to 8.9 million smartphones created by around 50 different brands contained malware.

Researchers from the Sophos cybersecurity company have said that the malware in question is known as Guerrilla. It was detected in 15 malicious applications that appear on the Google Play Store.

The report said that after the Guerrilla malware has been installed, it will open a backdoor that will force the infected devices to contact the remote command-and-control server regularly to monitor any new malicious updates that might have been installed.

Once these updates have been installed on a user device, they will collect user data that can then be used be used by the attackers. TrendMicro refers to these attackers as the Lemon Group. The hackers later sell the data to advertisers.

After the data has been sold, the Guerrilla malware will secretly install aggressive advertising platforms that will drain the battery energy quickly. It will also affect the normal operations of the device, and the user might witness the device lagging and possibly being slower than it would normally have been.

“The main business involves the utilization of big data: Analysing massive amounts of data and the corresponding characteristics of manufacturers’ shipments, different advertising content obtained from different users at different times, and the hardware data with detailed software push. This allows Lemon Group to monitor customers that can be further infected with other apps to build on, such as focusing on only showing advertisements to app users from certain regions,” the TrendMicro researchers said.

The largest number of infected devices was in the US. It was closely followed by other countries such as Indonesia, Mexico, Russia, and Thailand. Guerrilla is a massive platform, and it contains nearly a dozen plugins that can intercept sessions for WhatsApp users to send spam messages. It can also install a reverse proxy from a smartphone that was previously infected and exploit the network resources of the affected device.

The TrendMicro report did not mention the smartphone brands that were affected by this malware. However, it calls for vigilance from Android users to take security measures that will guarantee their systems are safe.

Android TV Boxes Contain Preloaded Malware

TechCrunch also published a report showing the presence of malware on Android devices. The report detailed how Android-based TV boxes sold on the Amazon marketplace came preloaded with malware.

The TV boxes in question have been identified as models T95 index h616, and they connect to a command-and-control server. The server can install any program that the creator of the malware wants to create. A “click bot will be installed into the TV boxes by default, and it will help generate advertising revenue when one clicks on the ads appearing in the background.

TechCrunch has also referred to a report published by a researcher known as Daniel Milisic. Milisic purchased one of the TV boxes that were infected with malware. The findings by Milisic were confirmed independently by Bill Buddington, who is a researcher at the Electronic Frontier Foundation.

Despite these recently published reports, the phenomenon of Android TV boxes being sold with preloaded malware is still a fresh concept. At least five of these incidents have been reported in recent years. The models affected by the malware belong to the budget segment, indicating that the devices are being created by less-known manufacturers who are less concerned about protecting their reputation.