By Trend Micro cybersecurity researchers have found a concerning supply chain attack in which millions of Android devices are infected with info stealer malware before they ever leave the factory.
The majority of the devices impacted are low-cost smartphones, but the attack also spread to smartwatches, smart TVs, and other smart gadgets.
Fyodor Yarochkin, senior Trend Micro researcher, and his colleague Zhengyu Dong recently spoke about this subject at a conference in Singapore, saying that the source of the problem is fierce competition among original equipment manufacturers.
Plugins that operate quietly
As it turns out, smartphone manufacturers do not manufacture all of the components. A third-party firmware supplier, for example, creates firmware. However, as the cost of mobile phone firmware continued to fall, the providers were unable to charge for their services.
As a result, Yarochkin added, the items began to include an undesirable additional in the shape of “silent plugins.” Trend Micro discovered “dozens” of firmware images containing malicious software, as well as 80 distinct plugins. According to the researchers, some plugins were part of a larger “business model” and were offered on dark web forums as well as conventional social networking platforms and blogs.
These plugins can steal critical information from the device, intercept SMS messages, take control of social media accounts, exploit the devices for ad and click fraud, misuse traffic, and so on. One of the most serious issues, according to The Register, is a plugin that allows the buyer to take complete control of a device and use it as a “exit node” for up to five minutes.
According to Trend Micro, this supply chain attack has affected about nine million devices worldwide, with the majority of them located in Southeast Asia and Eastern Europe. The researchers did not wish to name the culprits, although they did mention China several times, according to the report.
