Pre-Installed Malware Found on High-End Android Smartphones

A study by Check Point has found 36 high end smartphones of popular branding such as Samsung, LG, Xiamoni, Nexus, Oppo, Lenovo and Asus where the most infected devices being sold worldwide by two unidentified companies these companies have been preloaded the high end smart phones with malicious malware software.

The malware was discovered on infected devices after a check point scan was conducted that prevents malware from accessing endpoints with a single scan.

All the devices found vulnerable where from the Android family. The results of the scan indicated that two types of malware from infecting the devices where Loki and SLocker Ransom-ware a type malware that can lock the users device until a ransom is paid quite often in bitcoins (BTC) that communicates through the use of Tor (The Onion Route) this allows the operators of the malicious software to hide the identity of its operators.

On Friday Check Point researchers confirmed that these malicious malware applications are not indented to be part of the official Android ROM that comes installed by default by the smartphones manufacturers and vendors however the malware was installed in transit between the manufactures factory and the companies responsible for further sales of the devices.

Loki Trojan was discovered in Feb 2016 has has the capability to inject devices with malicious code in the Androids Kernel allowing an attacker to gain root privileges with root privileges the attacker would be able gain full control over the target device and listing information about installed applications, browsing history, contact and call history and geological data as well as access to edit device application permissions.

Most popular smart-phones infected

list of most infected smart-phones

  • Asus Zenfone 2
  • LenovoS90
  • OppoR7 plus
  • Xiaomi Redmi
  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Lenovo A850

The malware offers its operators unrestricted access to these infected devices, allowing the attacker to delete software files, make phones calls and text from the target device and much more.


This vulnerability shows the threats of rouge dealers and safety of devices in transit.

How can I remove the malware from my device its infected?

The malware targets the ROM one of the lower points of the Android Operating system to

If you have an effected device you can also return it to the manufacturer you bought it from and request a new device or request for a new ROM to be installed. Many of the manufactures listed above are still investigating this attack and making efforts to ensure that further devices are not infected.