Millions of Android devices, including budget smartphones, smartwatches, and smart TVs, are being shipped with info stealer malware pre-installed, according to cybersecurity firm Trend Micro. The malware is being installed by third-party firmware suppliers, who are offering “silent plugins” to manufacturers to remain competitive as the price of mobile phone firmware drops. These plugins, some of which are sold on dark web forums and even marketed on mainstream social media platforms, can steal sensitive information, take control of social media accounts, and use devices for ad and click fraud.
One of the most significant risks posed by the malware is a plugin that allows the buyer to take control of a device for up to five minutes and use it as an “exit node.” Researchers from Trend Micro said that the attack affected nearly nine million devices worldwide, with the majority located in Southeast Asia and Eastern Europe. Although the researchers did not name the attackers, they suggested that China may be involved in the attack.
Senior Trend Micro researcher Fyodor Yarochkin noted that the root of the problem was the brutal competition among original equipment manufacturers. The increasing availability of silent plugins that can add malicious software to firmware poses a significant threat to both manufacturers and end-users. The report highlights the need for greater oversight of firmware suppliers and the supply chain for electronic devices, as well as more significant investment in cybersecurity and secure software development practices.
