Over 40 Android Phone Models Ship Infected with Trojan

If you want to buy a cheap Android phone, one way is to go to some Chinese e-retailers and purchase the phone that matches your requirements. Most phones will work reasonably well, but one thing that’s common to most/all Chinese manufacturers is a lack of firmware updates and of concern for security. So you may only get 2 or 3 firmware updates during the lifetime of your phone, if any, and the Android security patch is usually rather old.

But Dr.Web discovered several Android smartphone models that ship with a Trojan (Android.Triada.231); in other words, the stock firmware is already infected with malware. The company found over 40 infected models, but the list may still grow.

Android.Triada trojans infect the Zygote process, which is used to launch all applications in Android. Once the module is infected, it becomes possible to download and launch software without the user’s knowledge. The 231 variant of Android.Triada is injected into the libandroid_runtime.so system library rather than distributed as a separate program, which makes it easier to get into the device firmware during production.

The company contacted the manufacturers of infected devices – such as Leagoo, Cubot, Zopo, Doogee, Cherry Mobile, and other lesser known vendors – about this issue last summer, but some models are still shipped with infected firmware. After researching the source of the malware on Leagoo M9 smartphones in particular, Doctor Web security researchers showed that the Trojan got in at the request of a Shanghai-based software development company, which provided instructions to Leagoo to add third-party code into system libraries before compilation. Leagoo may not have thought much of it, built the firmware with that code, and shipped it to customers.


To check for infection, you can install Dr.Web Security Space and run a full scan. I installed it with a 14-day trial license on Xiaomi Mi A1, and the phone is clean. As an Android One phone, it’d better be! In case you are infected, the app can remove the Trojan as long as your phone is rooted. If it is not, you’ll have to ask the manufacturer or seller for a clean firmware.
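Because this variant sits inside libandroid_runtime.so rather than in an installed app, a file-level comparison of the device's system libraries against a copy you trust is one way to see whether that library was changed. The script below is an added example, not code from Dr.Web or from the original article; it assumes the device's system library directory and the same directory from a trusted firmware image have already been copied to two local folders, and the folder layout and sample bytes are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large libraries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map each *.so path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*.so")) if p.is_file()}


def diff_libraries(device_root: Path, reference_root: Path) -> dict:
    """Report libraries that differ from, or do not exist in, the reference."""
    device, reference = hash_tree(device_root), hash_tree(reference_root)
    return {
        "modified": sorted(n for n in device if n in reference and device[n] != reference[n]),
        "added": sorted(n for n in device if n not in reference),
        "missing": sorted(n for n in reference if n not in device),
    }


def build_sample(base: Path):
    """Constructed sample trees standing in for real dumps (contents are fake)."""
    dev, ref = base / "device", base / "reference"
    for root in (dev, ref):
        (root / "lib").mkdir(parents=True)
        (root / "lib" / "libc.so").write_bytes(b"constructed libc bytes")
    (ref / "lib" / "libandroid_runtime.so").write_bytes(b"constructed runtime")
    (dev / "lib" / "libandroid_runtime.so").write_bytes(b"constructed runtime plus appended bytes")
    (dev / "lib" / "libextra.so").write_bytes(b"constructed unexpected library")
    return dev, ref


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        dev, ref = build_sample(Path(tmp))
        return diff_libraries(dev, ref)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

A mismatch only means the file differs from the reference; it does not identify Android.Triada, and the comparison is only as good as the reference image.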

Thanks to TLS & tkaiser for the tip

5 Comments
TC
6 years ago

And that’s why one should stick to Xiaomi.

qwiqooq
6 years ago

And the post immediately below this post is “CUBOT X18 Plus 4G Smartphone Sells for as Low as $79.99 (Promo)”.

Jessi
6 years ago

@TC
Xiaomi is not a retailer, so it won’t make a difference, in fact my Xiaomi device came with malware which couldn’t be removed without root.

Paul M
6 years ago

buy malware, get a free phone!
