If you’ve ever discovered one of your devices had been infected with malware, you know how disruptive and frustrating it can be to attempt to unravel the dirty deed left by a scumbag hacker. However, none of us expect devices we’ve just purchased that are brand new to have any malicious dangers on them right out of the box. Unfortunately, this has become the case for many Android phone and TV box owners whose devices came with malware preinstalled on them.
How did the devices come preinstalled with malware?
There have been two separate reports detailing how these mobile and television devices were allowed to be sold with malware already installed in them. The first report came from the security firm Trend Micro. The team at Trend Macro discovered that around 8.9 million Android phones came with malware known as Guerrilla already on the devices. Guerrilla was first discovered and reported on by the security firm Sophos, and they found that the malware was active in 15 different apps available on the Google Play Store.
Credit: Trend Micro
The second report by a researcher at GitHub found that two China-based companies that power several wildly popular Android TV boxes sold on Amazon were intentionally and covertly included with malware. The affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10. The malware within them is capable of launching coordinated cyberattacks.
What does the malware on these devices do?
For the Android TV boxes, Guerrilla will report to a command-and-control server which then allows the cybercriminals to install any app they want onto the TV. It also will tap on ads in the background to generate advertising revenue.
Credit: Amazon
Meanwhile, the Guerrilla malware has numerous capabilities on these devices. On Android devices, it opens a backdoor that forces the Android to communicate with a remote command-and-control server to check if there are any new malicious updates for it to install. Every update collects more and more data about the owner of the Android, and the threat actor then uses that data to sell to advertisers. Guerrilla will also diminish the battery life of the Android and worsen the owner’s overall user experience.
MORE: ANDROID SPYWARE STRIKES AGAIN TARGETING FINANCIAL INSTITUTIONS AND YOUR MONEY
What do I do if malware is already on my device?
If you find that you already have malware preinstalled on your Android device, the best thing for you to do is immediately install antivirus software. Antivirus software will be able to detect and remove malicious software that has already been installed on your device and alert you of any phishing emails or ransomware scams. Plus, antivirus software will prevent you from clicking a malicious link that could install malware on your device in the first place.
Get my picks for best antivirus protection software here
And if you’re interested in purchasing an Android phone for the future, it might be best to consider brands like Samsung, Asus, or OnePlus as there have never been reports of preinstalled malware for these higher-quality brands.
MORE: 60 GOOGLE PLAY APPS INFECTED WITH ANDROID MALWARE AFFECTING MILLIONS
Disconnect from the internet
Turn off Wi-Fi and mobile data to prevent the malware from communicating with its command and control servers or downloading additional malicious content.
Restart your device in safe mode
Restart your device and enter safe mode. This mode disables third-party apps, including malware, allowing you to investigate and remove it more effectively. To restart your Android device and enter safe mode, you can follow these steps:
Settings may vary depending on your Android phone’s manufacturer
- Press and hold the Power button on your Android device until you see the power menu options
- Tap and hold the “Power Off” or “Restart” option on the screen. This will prompt a pop-up window asking if you want to reboot your device in safe mode
- Select the “OK” or “Restart in Safe Mode” option, and your device will restart
- Once your device boots up, you will notice the words “Safe mode” displayed on the bottom left or right corner of the screen, indicating that you are in safe mode
Note: To exit safe mode, simply restart your device as you normally would. Upon rebooting, your Android device will start in regular mode, and all your apps will be accessible again
Update your device and apps
Keeping your device and apps up to date ensures you have the latest security patches, which can help protect against malware. Settings may vary depending on your Android phone’s manufacturer.
Here’s how to update your phone:
- Go to Settings
- Scroll down to software update and tap it
- Hit download and install to check for any available updates
- Additionally, update your apps through the Google Play Store.
Here’s how to update your apps:
- Open the Google Play Store app on your Android device. The app’s icon typically resembles a colorful triangle
- Once the Play Store is open, tap your initial on the top-right corner of the screen to open the menu
- In the menu, select “Manage apps and devices.” This will take you to the list of apps installed on your device.
- Tap updates available. You will see a list of apps with pending updates. To update all apps at once, tap on the “Update all” button. If you prefer to update specific apps, scroll through the list and individually tap the “Update” button next to each app you want to update.
Once the updates are complete, the apps will be up-to-date, and you can start using them with the latest features and bug fixes.
Change passwords
If you suspect that your accounts may have been compromised, change the passwords for your important accounts, such as email, social media, and online banking, from a secure device. Be sure to create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
Get more details about my best expert-reviewed Password Managers of 2023 here.
Kurt’s key takeaways
Research extensively if you’re searching for a new phone or TV. The last thing you want is to purchase a device that has been preinstalled with malware, so look up the brand you’re considering first to see if they have a history of this before making a purchase. Of course, there’s no guarantee. However, being cautious and informed gives you a better chance that your purchase doesn’t bring you any unwanted surprises.
How alarming is it to know that Android phones and TV boxes are being installed with malware? Should there be more being done about this? Let us know by commenting below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Related:
- Delete this popular task manager app right away if you’re an Android User
- Android spyware strikes again targeting financial institutions and your money
- 60 Google Play apps infected with Android malware affecting millions
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE: