The malware discovered by Check Point included info-stealers, ransomware and “illegitimate advertisements” which generate revenue while stealing device information; and information stealers.
Check Point says it found infections in 38 Android devices and none of the malware was in the vendor's ROM. Checkpoint's Oren Koriat thinks that they were added in the supply chain between vendor and customer.
"The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge. To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device’s behavior," Koriat said.
“Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed”, Koriat said.
List of malware APKs, Shas, and Affected devices
| com.fone.player1 | Galaxy Note 2 LG G4 |
d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f |
| com.lu.compass | Galaxy S7 Galaxy S4 |
f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c |
| com.kandian.hdtogoapp | Galaxy Note 4 Galaxy Note 8.0 |
b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b |
| com.sds.android.ttpod | Galaxy Note 2 Xiaomi Mi 4i |
936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b |
| com.baycode.mop | Galaxy A5 | 39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1 |
| com.kandian.hdtogoapp | Galaxy S4 | 998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea |
| com.iflytek.ringdiyclient | ZTE x500 | e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b |
| com.android.deketv | Galaxy A5 | 01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a |
| com.changba | Galaxy S4 Galaxy Note 3 Galaxy S4 Galaxy Note Edge Galaxy Note 4 |
a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1 |
| com.example.loader | Galaxy Tab S2 | e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff |
| com.armorforandroid.security | Galaxy Tab 2 | 947574e790b1370e2a6b5f4738c8411c63bdca09a7455dd9297215bd161cd591 |
| com.android.ys.services | Oppo N3 vivo X6 plus |
0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778 |
| com.mobogenie.daemon | Galaxy S4 | 0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b |
| com.google.googlesearch | 5 Asus Zenfone 2 LenovoS90 |
217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4 |
| com.skymobi.mopoplay.appstore | LenovoS90 | 3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be |
| com.example.loader | OppoR7 plus | 1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e |
| com.yongfu.wenjianjiaguanli | Xiaomi Redmi | e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d |
| air.fyzb3 | Galaxy Note 4 | c4eac5d13e58fb7d32a123105683a293f70456ffe43bb640a50fde22fe1334a2 |
| com.ddev.downloader.v2 | Galaxy Note 5 | 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f |
| com.mojang.minecraftpe | Galaxy Note Edge | fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429 |
| com.androidhelper.sdk | Lenovo A850 | b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750 |