Israel-based cyber-security firm Check Point has detected a malware that is not downloaded by users, but is already present in some Android devices.
According to the company’s blog post last week, the pre-installed malware was detected in 36 Android devices, including Samsung Galaxy Note 2, Samsung Galaxy Note 3, Samsung Galaxy Note 4, Samsung Galaxy Note 5, Samsung Galaxy S4, Samsung Galaxy S7, Samsung Galaxy A5, ZTE x500, Asus ZenFone 2, Lenovo S90, Lenovo A850, and LG G4.
The company pointed out that the malicious apps were not part of the official ROM supplied by the vendor, but were added somewhere along the supply chain. The malware can’t be removed by users and thus, the smartphones would need to be re-flashed.
One of the pre-installed malwares was Slocker, a mobile ransomware, that uses the Advanced Encryption Standard (AES) encryption algorithm to encrypt all files on the device and demand ransom in return for their decryption key. The other is the Loki Malware. This complex malware operates by using several different components; each has its own functionality and role in achieving the malware’s malicious goal.