According to Trend Micro researchers at Black Hat Asia, millions of smartphones worldwide come pre-installed with malware before they even leave the factory. According to these researchers, most of the affected devices are low-end smartphones. They also extended the claim of pre-installed malware to smartwatches, TVs, and many other digital devices. The researchers analyzed and added more information about how malware ends up installed on a smartphone even before it gets to the factory for shipping.
Trend Micro researchers at Black Hat Asia noted that the issue starts in the software supply chain of most smartphone producers. Some software components of the smartphone are outsourced to an original equipment manufacturer (OEM).
It is in the process of outsourcing and receiving back these software components that someone within the supply chain pipeline infects the software component with malware. When packaged and shipped to a user, the phone comes with the malware pre-installed. This kind of infection has been going on for a while, as a prominent tech website named The Register discussed a similar virus attack in 2017.
The Register raised awareness of the new methods of virus infiltration in smartphones, saying, "One type of plugin, proxy plugins, allow miscreants to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address, and more." The company making device firmware usually starts small, compromising the security of a smartphone with viruses. Once the virus has been activated on the mobile phone, it spreads to other parts of the smartphone.
Plugins Helping to Compromise Phone Security
Researchers have concluded that some plugins are helping cyber attackers steal sensitive data from the internet. One of the major plugin types that lets cyber attackers do this is the proxy plugin.
These proxy plugins allow attackers to acquire data on keystrokes, geographical location, IP address, and more when they rent out a device for about 5 minutes. "The user of the proxy will be able to use someone else’s phone for a period of 1200 seconds as an exit node," one of the Trend Micro researchers said.
Where are the Threats Coming From?
Before talking about mobile virus protection, Mr. Yarochkin, one of the Trend Micro researchers, commented on the origin of the viruses that come pre-installed on a smartphone. According to the researcher, no finger was being pointed, but most of the answers that came back on the origin of these viruses pointed to China. Although China showed up multiple times, Yarochkin noted that other countries showed up too.
"Even though we possibly might know the people who build the infrastructure for this business, it's difficult to pinpoint exactly how this infection gets put into this mobile phone because we don’t know for sure at what moment it got into the supply chain," Yarochkin said.
He added that big brands like Samsung and Google are better Android smartphone alternatives. "Big brands like Samsung and Google took care of their supply chain security relatively well, but for threat actors, this is still a very lucrative market," Yarochkin said.