1 min

Tags in this article

, ,

Trend Micro researchers have discovered that millions of Android phones already contain malicious firmware from the factory. They revealed this during the Black Hat Asia conference in Singapore.

The Register has reported on the proceedings in Singapore. Most of the affected devices appear to be very inexpensive phones, in addition to smartwatches, televisions and other Android devices.

Growing problem

Trend Micro notes that this is a growing problem. Criminal organizations have been infecting the devices via firmware. The installation of this is outsourced to third parties by many manufacturers, allowing these criminals to operate largely unseen. The infected firmware allows the devices to become proxies for stealing and reselling text messages and social media and messenger accounts, among other things.

The highest concentration of infected devices is said to be in Southeast Asia and Eastern Europe, although Trend Micro stresses that people worldwide should be concerned. Millions of devices are affected.

Senior Trend Micro researcher Fyodor Yarochkin stresses the importance of knowing the details about one’s supply chain. ““Even though we possibly might know the people who build the infrastructure for this business, its difficult to pinpoint how exactly the this infection gets put into this mobile phone because we don’t know for sure at what moment it got into the supply chain.”

Also read: Cybercriminals abuse OEM certificates to weaponize Android malware