Google admits some Android phones shipped with malware
Google LLC Friday admitted that some Android phones going back as far as 2016 were shipped with malware installed unknowingly by smartphone manufacturers.
The malware used is called “Triada,” a trojan virus that provides hackers with backdoor access to an infected device. The code is primarily found on smartphones manufactured in China.
Google first detected Triada three years ago and moved to protect against it using Play Protect, but the trojan evolved over time, becoming harder to detect. A version first detected in 2017 included a backdoor log function that downloaded and installed modules in a place within Android that wasn’t noticed by many smartphone manufacturers at the initial stage.
Malware on smartphones is not new and this isn’t the first time malicious software has been installed on smartphones at the manufacturing level. What’s interesting here is how those behind the code managed to trick manufacturers into installing it.
Instead of hacking smartphone makers or breaking into plants, those behind the code pretended to be legitimate third-party suppliers of software, such as a face unlock program, that could be added to a standard Android Open Source Project installation, the free version of Android that doesn’t require licensing. Nor was this a case of a shady-looking man in a trenchcoat offering under-the-counter enhanced Android functionality: those behind the code posed as legitimate companies.
“Based on analysis, we believe that a vendor using the name Yehuo or Blazefire infected the returned system image with Triada,” Lukasz Siewierski from the Android security and privacy team wrote in a blog post.
Which smartphone makers were targeted and which models were infected have not been officially disclosed. But a report from Bleeping Computer in March found Triada infections on phones made by Leagoo, Doogee, Vertex, Advan, Cherry Mobile and others.
“We coordinated with the affected OEMs to provide system updates and remove traces of Triada,” Siewierski added. “We also scan for Triada and similar threats on all Android devices. OEMs should ensure that all third-party code is reviewed and can be tracked to its source.”