The devices are infected from the factory. (Photo: Shutterstock/Andri wahyudi)
Software is loaded onto devices by original equipment manufacturers. The malicious actors later resell access to these devices to third parties for a limited period of time.
Security researchers at Trend Micro have discovered that many Android devices come with malware installed out of the box. Android smartphones are particularly affected, as are smartwatches and TVs.
The researchers will present their findings at Black Hat Asia, according to a report. However, this malware is not installed on devices by the smartphone manufacturers themselves.
Instead, it gets onto the devices when manufacturing is outsourced to original equipment manufacturers (OEMs). Malicious actors can sometimes pay to have different types of malware injected onto devices at this stage.
Different types of malware can end up running on Android devices in this way. One type is a proxy, which allows the device to be used remotely.
Malicious actors resell access to smartphones to third parties for a period of time. “A proxy user can use someone else’s phone as an exit node for 1,200 seconds,” said Fyodor Yarochkin, a security researcher.
Third parties that gain access to a device in this way could, for example, collect data from it, including location data, keystrokes, or the IP address. Access can also be used for other scams such as click fraud or social media account takeover.
“Although we may know the people who are building the infrastructure for this company, it is difficult to say exactly how this infection got into this cell phone because we don’t know exactly when it entered the supply chain,” Yarochkin said.
Researchers suspect millions of devices have been infected with malware in this way. According to the criminals themselves, around 8.9 million devices are affected worldwide, which are said to be mainly located in Southeast Asia and Eastern Europe.