Security researchers have found malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
Not all devices of these specific model lines are affected, but only a few, presumably the result of a supply chain compromise that affected a small number of users.
Phones came preinstalled with Triada banking trojan
Discovered by Russian cyber-security vendor Dr.Web, the affected phone models came with a version of the Triada malware hidden inside the Android OS Zygote core process.
The Triada trojan was first discovered in March 2016 and was initially designed to work as an Android banking trojan. Over time, Triada gained more features, becoming an all-around threat that could be used to steal all sorts of credentials and browser history, and to download and install new apps in adware-like schemes.
Because the trojan was designed to gain root access and infect the Zygote core OS process, Triada's attack capabilities were effectively unrestricted, and the malware's operator had the ability to take any action he wanted on the device.
Triada most likely a result of supply chain compromise
This is not the first time that a smartphone maker's supply chain has been compromised. Something like this has happened before, and it can usually be attributed to shady distributors. A similar case happened last year in December. This problem also affects high-end devices, not only low-cost models.
It's worse when malware or backdoors originate with firmware vendors themselves, and not because of third-party distributors.
This has happened before because of companies like Adups and Ragentek, both of which embedded data-stealing backdoors into the firmware they sold to low-cost Android smartphone vendors. The smartphone makers ended up losing credibility because of the actions of one of their contractors.
Image credits: Leagoo, Nomu
Comments
cat1092 - 6 years ago
Although it's noted here that this malware has affected 'high end' smartphones, it's also well known that Android exists primarily due to low cost/high volume sales. While Apple has had their share of security issues with smartphones, it is nowhere near on the scale, nor as often, as those powered by Android, which has ties to Linux.
We get what we pay for; there are other alternatives in some regions other than Apple that may be more secure. Or may not be, it's a crapshoot. The device (regardless of brand) may not be infected, yet the POS computer in the checkout lane may well be.
There are no easy answers to this, especially since Google keeps the Android brand closed source, therefore those in the Linux community cannot assist with fixes. One thing that Google needs to do, rather than openly exposing competing brands' security flaws, is work on their own. Better yet, become open source so that security flaws can be fixed within 24-48 hours upon discovery & pushed to subscribers; this has worked well within the Linux community for years. This may be a driving force, or good kickoff, for an Ubuntu (or other Linux competing) smartphone. It's unfortunate that some of these are for 'developing nations'; isn't the US one as it stands today?
Personally, I don't have a smartphone, don't need it, & if I did eventually desire one, it would be a 100% Linux OS under the hood, not a hybrid, & most certainly no expensive fruit brand.
Cat
inkoalawetrust - 6 years ago
I don't care as long as I don't get ads.