"Millions of Mobile Phones Come Pre-infected With Malware, Say Researchers"

According to Trend Micro researchers at Black Hat Asia, millions of Android phones were infected with malicious firmware before they were ever shipped from their factories. Most of the devices affected are Android mobile devices, although smartwatches, TVs, and other devices are also involved. The manufacturing of the devices is outsourced to an Original Equipment Manufacturer (OEM). The researchers emphasized that this outsourcing allows someone in the manufacturing process, such as a firmware provider, to infect products with malicious code before they are shipped. The team examined dozens of firmware images in search of malware and discovered over 80 different plugins, many of which were not widely distributed. The most impactful plugins were those that had a business strategy built around them, were sold on the underground, and were openly marketed on sites such as Facebook and YouTube. The malware aims to steal information or make money from information obtained or provided. Trend Micro researchers noted that the malware makes the devices serve as proxies, which are then used to steal and sell SMS messages, hijack social media accounts, take control of online messaging accounts, and more. This article continues to discuss millions of mobile phones being infected with malware prior to being shipped. 

The Register reports "Millions of Mobile Phones Come Pre-infected With Malware, Say Researchers"