More than 40 Android phones found to have been sold with pre-installed malware

  • More than 40 Android phones have been detected with pre-installed malware since 2017, compromising user security.
  • The Android.Triada.231 Trojan steals personal and banking data by injecting itself into system applications.
  • Malware is introduced during manufacturing, making it difficult to remove, requiring updates from the manufacturer.
  • The list includes devices from brands such as Leagoo, Doogee, and Umi, which are at risk of further infection.

Android security is often compromised by the fragmentation of the system across its many versions or by the lack of security patches. However, in the case of these more than 40 phones, the malware came pre-installed as standard.

More than 40 Android phones with pre-installed malware since mid-2017

Security for Android users is a problem due to the nature of Google's operating system, but it is much worse when we come across cases like the one at hand today. More than 40 Android phones with malware pre-installed as standard have been detected since mid-2017. Most of them are of Chinese origin, and it seems that the cause of the problem is a collaboration with a Shanghai company, whose software included this malware, which was responsible for stealing users' data.

The Trojan, named Android.Triada.231, has been found on devices from companies such as Leagoo, Doogee, Umi or Cubot, even on devices launched in December 2017, such as the Leagoo M9. The data this Trojan stole from users includes not only personal data but also bank account data. The Trojan injects itself into Zygote, an operating system process required to launch applications. In this way, the Trojan got into every application that was active.

From there, the Trojan is able to do basically whatever it wants. It can even download and activate software and, worst of all, this Trojan gets into the system during manufacture. It camouflages itself in one of the Android libraries and starts stealing information from the moment the device is turned on for the first time.

The main problem is that fixing this requires the manufacturer to update the entire system and delete the infected parts. On the user side, some steps could be performed on rooted devices, but the definitive solution can only come from the manufacturer. Also, although only slightly more than 40 devices have been confirmed, the number of infected devices could be higher.

Confirmed list of infected devices

  • Leagoo M5
  • Leagoo M5 Plus
  • Leagoo M5 Edge
  • Leagoo M8
  • Leagoo M8 Pro
  • Leagoo Z5C
  • Leagoo T1 Plus
  • Leagoo Z3C
  • Leagoo Z1C
  • Leagoo M9
  • ARK Benefit M8
  • Zopo Speed 7 Plus
  • UHANS A101
  • Doogee X5 Max
  • Doogee X5 Max Pro
  • Doogee Shoot 1
  • Doogee Shoot 2
  • Tecno W2
  • Homtom HT16
  • Umi London
  • Kiano Elegance 5.1
  • iLife Fivo Lite
  • Mito A39
  • Vertex Impress InTouch 4G
  • Vertex Impress Genius
  • myPhone Hammer Energy
  • Advan S5E NXT
  • Advan S4Z
  • Advan i5E
  • STF AERIAL PLUS
  • STF JOY PRO
  • Tesla SP6.2
  • Cubot Rainbow
  • EXTREME 7
  • Haier T51
  • Cherry Mobile Flare S5
  • Cherry Mobile Flare J2S
  • Cherry Mobile Flare P1
  • NOA H6
  • Pelitt T1 PLUS
  • Prestigio Grace M5 LTE
  • BQ 5510