Date: 2017-03-15

Check Point discovered that the 36 Android devices had not been infected by a user accidentally downloading a virus, but had been received with the malware already installed.

The devices were mostly Samsung Galaxy models, along with Lenovo, Xiaomi and Asus products. The malware itself mostly consisted of info stealers and advertising malware. Notable discoveries were the presence of Slocker mobile ransomware and Loki advertising malware, which makes money not only by displaying illicit adverts but by stealing data too. Six of the devices' ROMs had been infected using system privileges, meaning that the devices had to be reflashed in order to be purged of the infection.

The devices had been infected on their way down the supply chain to two unnamed recipients - a “large telecommunications company” and a “multinational technology company”. The researchers noted that “the discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge.”

Supply chains are often the cause of large organisations' security woes. An organisation can account for its own perimeter, but that becomes a harder task when it has to consider the security of its business associates. If an adversary wants to breach a well-secured organisation, all they have to do is attack one of its associates and get in through there. Plenty of organisations have fallen victim in just this way. The retail giant Target is believed to have been breached in this way in 2013: the supplier of the company's HVAC systems was hacked late that year in order to gain access to Target. The breach ended up costing the company US$61 million, according to its financial report.

Google did not respond to a request for comment in time for publication.

This article originally appeared at scmagazineuk.com