Malware Preinstalled on Many Android Phones

John Lister's picture

Android phones from a variety of companies have reached business employees with malware already installed, according to researchers. How and why it got there is not yet confirmed.

The report comes from Checkpoint, a security company. It says it was examining devices used by staff at two businesses: one a "large telecommunications company" and the other a "multinational technology company." (Source:

While it's not unusual to find malware on employee phones during some checks -- that's partly the purpose of hiring services such as Checkpoint -- researcher Oren Koriat says what makes this unusual is that the malware had clearly been preinstalled rather than getting on the phones while the employees were using them.

Ransomware And Adware Present

In total, 36 devices were found to have malicious applications preinstalled. More than 20 different makes and models of phones were affected.

In six cases, the malware had been installed on the system's read-only memory, meaning it couldn't be removed and instead the phone had to be completely wiped clean and the operating system reinstalled.

The malware was mainly made up of applications designed to steal information, plus applications that display unwanted ads on the phone as part of a scam to claim money from advertisers. One device had an application that could encrypt the device's files to set up a ransom demand.

Security Breached in Supply Chain

Checkpoint's investigation showed that the malware wouldn't have been in place when the phone was dispatched by the original manufacturers, meaning it was added somewhere in the supply chain.

Koriat says it isn't clear if the people behind the malware were intentionally targeting the companies that used the phones, or if it was part of a larger-scale scheme.

According to Koriat, companies giving staff new phones should consider scanning them for malware before use, as well as using good security practice from day to day. The incident may also suggest companies need to carefully vet suppliers when buying phones from those other than the original manufacturers. (Source:

What's Your Opinion?

Do you think this is likely to be a widespread problem? Should Google insist a basic security scanner is included on all Android devices, similar to the built-in Windows security tools? Should resellers be expected to check phones before passing them on to customers?


Dennis Faas's picture

This is a prime example of why I would never bank or have sensitive information on a smartphone. It's just way too easy to download something malicious (or in this case, have it pre-installed) and the user has little to no recourse to correct it. At least with a computer there are tools readily available - and ones that I'm familiar with - that I can use to examine the system should I ever get infected with malware. With a phone it's a lot harder to carry out because phones are locked down pretty tight, plus reinstalling the operating system by flashing the phone (if you can find the ROM) isn't at all straightforward and varies from device to device.

ecash's picture

I think I will go back to DOS..
Disk operated system..forget OS that built TO the device.
LOAD up what I want, Every time, from Disks that I OWN and PROTECT.
Not (windows) an OS that changes/updates/... all the time and you have little or NO control of..
NOT a remote install on a cellphone that I DIDN'T CREATE..
BACK to the days when a GAME was on a Disk and you SCANNED IT, before anything else, and then Turn off the system and BOOT to the game ONLY..
A friend had a phone and it had had so much Garbage on it, that it was easier to Kill and RELOAD android on it..LG has the file, so I DL it, and install ONLY android for that phone, NOT the extra stuff...the thing RAN great..better than original installs..
I agree on the thought of Internet banking on Cell..
I just want to know WHAT/WHICH AV will REALLY scan the whole system..I don't think Most scan the Boot/Root system. Long ago in the C64 and Amiga days I had an AV that Scanned EVERY block and sector..not just programs. It took FOREVER..
Old friend of mine and I, both had Amiga computers. He asked me to drop over and scan his system. I had to fix his DOS disks, then Scan his games..OUR favorite was Frontier ELITE, and he had 7 viruses on 1 floppy disk (WOW)..I told him the odds of recovery. IT DIED. NO backup..and 2 years of playing all went away.
HE learned a lesson. Always scan OTHER DISKS FIRST, never INPUT a disk(without scanning it) into the DOS SYSTEM.. and ALWAYs do a Shut down, WAIT, then BOOT to another disk..SOME programs can leave THINGS in the ram, LET the RAM shut down and erase.
God, I think I'm old.