Trend Micro’s cybersecurity researchers discovered an alarming supply chain attack in which millions of Android devices had malware before they left the factory.
While the affected devices are mostly affordable smartphones, the attack seems to have spread to smartwatches, smart TVs and other smart devices as well.
Senior Trend Micro researcher Fyodor Yarochkin and colleague Zhengyu Dongrecently spoke about this problem at a conference in Singapore and stated that the root of the problem is ruthless competition.
Smartphone manufacturers do not manufacture all the components themselves. For example, the firmware may be created by a third-party firmware vendor. However, as the price of mobile phone firmware continues to fall, providers of this software are unable to charge money for their products.
The danger that comes with silent plugins
That is why Yarochkin says that products are “silent pluginsHe says he started to come up with unwanted extras in the form of ”. Trend Micro cites dozens of firmware and 80 different plug-ins in their search for malware. Some plugins are part of a broader business model, sold on dark web forums and even marketed on mainstream social media platforms and blogs, the researchers said.
These plugins can steal sensitive information and SMS messages from the device, take control of social media accounts, use devices for advertising and click fraud, misuse traffic and perform many other malicious actions. The Register states that one of the most serious problems is a plugin that allows it to take full control of a device for up to five minutes and use it as an outlet.
Trend Micro says data shows that close to nine million devices worldwide were affected by this supply chain attack, and most of them. He says it’s found in Southeast Asia and Eastern Europe. The publication also noted that the researchers did not want to name the perpetrators, but did mention China several times.