According to the authors of both reports, they found several rows of Android devices that contain pre-installed malware and cannot be removed by users without very complex actions.

first report

The first message came from security company Trend Micro. Its researchers said the malware infected 8.9 million phones from 50 different brands. This software is called Guerrilla and was first identified by the Sophos company, which found 15 malicious apps allowed by Google for its Play Market store.

Guerrilla opens a backdoor that forces infected devices to regularly contact a remote command and control server to check for new malicious updates to be installed. These malicious updates collect user data, which Trend Micro calls the Lemon Group, which the attacker can sell to advertisers. Guerrilla then secretly installs aggressive advertising platforms that can drain your battery and ruin your user experience.

Guerrilla is a massive platform with nearly a dozen plugins that can block WhatsApp user sessions to send spam messages, install a reverse proxy from an infected phone and use the network resources of an infected mobile device, and even inject ads into legitimate third-party apps. .

Country with highest concentration of infected phones UNITED STATES OF AMERICA. They are followed by Mexico, Indonesia, Thailand and Russia.

second report

The second report was published by TechCrunch. It details several lines of malware-infected Android-based TV boxes sold through Amazon. Reportedly, STBs with h616 indexed T95 models are controlled by a command and control server, such as Guerrilla’s servers, that can install any program the malware creators want. The default malware pre-installed on set-top boxes is known as “clickbot”. It earns ad revenue by secretly clicking on ads in the background.

The publication tells the story of researcher Daniel Milisic, who accidentally bought one of the infected consoles. Their findings were independently verified by Bill Buddington, a researcher at the Electronic Frontier Foundation.

What conclusions can be drawn?

Android devices that ship with malware out of the box are unfortunately nothing new. There are many such situations. But the most interesting thing is that in any case, inexpensive models of little-known brands appear. That is why researchers recommend focusing on relatively well-known brands with a reputation – Samsung, Asus, OnePlus and others. To date, there have been no reports of high-end Android devices pre-installed with the malware. There is no such report for iPhone. Of course, this means higher costs, but as a result, the user will be assured of stable operation and that his smartphone will not hand over the data directly into the hands of program developers like Guerrilla.