Pre-infected Android Phones Now Available

Don’t have time to go out and find some mobile malware for that new phone of yours? Now you don’t have to! As a bonus, it can be installed with “System” permissions so you can’t get rid of it even if you wanted to! How cool is that? It kind of takes the fun out of poking around seedy internet sites while trying to get infected, but thanks to the supply chain injecting malware in to your pristine ROM, you don’t have to waste any time.

Check Point found that phones by Samsung, Google, Xiaomi, ZTE, Oppo, Vivo, Asus, and Lenovo have been sold with malware such as Loki (advertising) or Slocker (ransomware) already installed. Note, this does not mean that all phones are infected, but rather that somewhere in the supply chain, this has happened. A good reason to only buy from reputable sources and go ahead and run a malware check on any new phone.


This is the list of infections spotted so far by Check Point

com.fone.player1 Galaxy Note 2
LG G4 Galaxy S7
Galaxy S4
com.kandian.hdtogoapp Galaxy Note 4
Galaxy Note 8.0 Galaxy Note 2
Xiaomi Mi 4i
com.baycode.mop Galaxy A5
com.kandian.hdtogoapp Galaxy S4
com.iflytek.ringdiyclient ZTE x500 Galaxy A5
com.changba Galaxy S4
Galaxy Note 3
Galaxy S4
Galaxy Note Edge
Galaxy Note 4
com.example.loader Galaxy Tab S2 Galaxy Tab 2 Oppo N3
vivo X6 plus
com.mobogenie.daemon Galaxy S4 5 Asus Zenfone 2
com.skymobi.mopoplay.appstore LenovoS90
com.example.loader OppoR7 plus
com.yongfu.wenjianjiaguanli Xiaomi Redmi
air.fyzb3 Galaxy Note 4
com.ddev.downloader.v2 Galaxy Note 5
com.mojang.minecraftpe Galaxy Note Edge
com.androidhelper.sdk Lenovo A850










Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.