Cybersecurity researchers from Trend Micro have discovered a worrying supply chain attack in which millions of Android devices are infected with infostealer malware before they even make it out of the factory.

The affected device are mostly budget smartphones, but the attack also spilled into smartwatches, smart TVs, and other smart devices.

Senior Trend Micro researcher Fyodor Yarochkin, and his colleague Zhengyu Dong recently spoke about this issue at the conference in Singapore, noting the root of the problem stems from brutal competition among original equipment manufacturers. 

Silent plugins

As it turns out, smartphone makers aren’t making all of the components. Firmware, for example, is being built by a third-party firmware supplier. However, as the price of mobile phone firmware kept dropping, the providers ended up being unable to charge money for their products. 

Hence, Yarochkin explained, the products started coming with a little unwanted extra in the form of “silent plugins”. Trend Micro found “dozens” of firmware images looking for malicious software, and 80 different plugins. Some plugins were part of a wider “business model”, the researchers said, were sold on dark web forums, and even marketed on mainstream social media platforms and blogs.

These plugins are capable of stealing sensitive information from the device, steal SMS messages, take control of social media accounts, use the devices for ad and click fraud, abuse the traffic, the list goes on. One of the more serious problems, The Register stressed, is a plugin that allows the buyer to take full control of a device for up to five minutes, and use it as an “exit node”. 

Trend Micro says the data suggests that close to nine million devices worldwide are affected by this supply chain attack, the majority of which are located in Southeast Asia and Eastern Europe. The researchers didn’t want to name the perpetrators, but they did mention China a few times, the publication concluded.

Via: The Register

Go to Source

Follow us on FacebookTwitter and InstagramWe are growing. Join our 6,000+ followers and us.

At will strive to help turn Tech Rookies into Pros!

Want more articles click Here!

Deals on Homepage!

M1 Finance is a highly recommended brokerage start investing today here!

WeBull. LIMITED TIME OFFER: Get 3 free stocks valued up to $6300 by opening & funding a #Webull brokerage account! “>Get started >Thanks for visiting!

Subscribe to our newsletters. Here! On the homepage

Tech Rookies Music Here!

Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.

Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting

Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.