Supply Chain Malware Found on Android Phones and Tablets

I really hate it when I have to use this image, but here we are once again.

Last Friday, security firm Check Point published a blog post detailing malware found in products from “a multinational technology company” and “a large telecommunications company”. I can only surmise that the latter is a carrier; the former would seem to suggest an online retailer, but the products from Lenovo, Oppo, Vivo and Xiaomi make me think that it’s not Best Buy.

What’s unique about these particular infections is that they were added in the supply chain—that is, somewhere between the manufacturer and end user. Here’s the list of infected devices, with the offending APK listed beneath each:

Asus Zenfone 2 / Lenovo S90
com.google.googlesearch

Lenovo A850
com.androidhelper.sdk

Lenovo S90
com.skymobi.mopoplay.appstore

Oppo N3 / Vivo X6 plus
com.android.ys.services

Oppo R7 Plus
com.example.loader

Samsung Galaxy A5
com.android.deketv

Samsung Galaxy A5
com.baycode.mop

Samsung Galaxy Note 2 / LG G4
com.fone.player1

Samsung Galaxy Note 2 / Xiaomi Mi 4i
com.sds.android.ttpod

Samsung Galaxy Note 3 / Galaxy Note 4 / Galaxy Note Edge / Galaxy S4
com.changba

Samsung Galaxy Note 4
air.fyzb3

Samsung Galaxy Note 4 / Galaxy Note 8.0
com.kandian.hdtogoapp

Samsung Galaxy Note 5
com.ddev.downloader.v2

Samsung Galaxy Note Edge
com.mojang.minecraftpe

Samsung Galaxy S4
com.kandian.hdtogoapp

Samsung Galaxy S4 / Galaxy S7
com.lu.compass

Samsung Galaxy S4
com.mobogenie.daemon

Samsung Galaxy Tab 2
com.armorforandroid.security

Samsung Galaxy Tab S2
com.example.loader

Xiaomi Redmi
com.yongfu.wenjianjiaguanli

ZTE x500
com.iflytek.ringdiyclient

Hopefully no one reading this is affected by any of the malware listed above. If you want to make sure your device is safe, Check Point, Lookout and Malwarebytes are three malware scanners recommended by Ars Technica.
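For a quick manual check alongside a scanner, the script below (an added example, not code from Check Point or Ars Technica) compares the output of `adb shell pm list packages -f` with the package names listed above and reports whether each hit sits on a firmware partition or was installed by the user. A name match is only a lead to verify, since some of these names are also used by legitimate apps. The partition prefixes, the "firmware"/"user-installed" labels and the sample output are assumptions constructed for illustration.

```python
# Added example: triage `adb shell pm list packages -f` output against the
# package names listed in this article. A name match is a lead, not proof.
FLAGGED = set("""
com.google.googlesearch com.androidhelper.sdk com.skymobi.mopoplay.appstore
com.android.ys.services com.example.loader com.android.deketv com.baycode.mop
com.fone.player1 com.sds.android.ttpod com.changba air.fyzb3
com.kandian.hdtogoapp com.ddev.downloader.v2 com.mojang.minecraftpe
com.lu.compass com.mobogenie.daemon com.armorforandroid.security
com.yongfu.wenjianjiaguanli com.iflytek.ringdiyclient
""".split())

# Assumption: apps shipped with the device image live under these partitions.
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

def parse_line(line):
    """Return (apk_path, package) from one `pm list packages -f` line, or None."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Newer Android puts '=' inside the path, so split on the last '=' only.
    path, sep, pkg = line[len("package:"):].rpartition("=")
    return (path, pkg) if sep and pkg else None

def triage(pm_output):
    """Return [(package, origin, apk_path)] for every exact name match."""
    findings = []
    for line in pm_output.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, pkg = parsed
        if pkg in FLAGGED:
            origin = "firmware" if path.startswith(FIRMWARE_PREFIXES) else "user-installed"
            findings.append((pkg, origin, path))
    return findings

# Constructed sample output, not taken from a real device.
SAMPLE = """
package:/system/app/Loader/Loader.apk=com.example.loader
package:/data/app/~~Qk3x9w==/com.mojang.minecraftpe-aB12cd==/base.apk=com.mojang.minecraftpe
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.lu.compass.free-1/base.apk=com.lu.compass.free
"""

if __name__ == "__main__":
    for pkg, origin, path in triage(SAMPLE):
        print(f"{pkg}\t{origin}\t{path}")
```

A hit reported as "firmware" cannot be removed with a normal uninstall, so that is the case to take to one of the scanners above or to the vendor.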

Sources: Check Point via Ars Technica