If you’ve ever discovered one of your devices had been infected with malware, you know how disruptive and frustrating it can be to attempt to unravel the dirty deed left by a hacker.
However, none of us expect brand-new devices we’ve just purchased to have any malicious dangers on them right out of the box. Unfortunately, this has become the case for many Android phone and TV owners whose devices came with malware pre-installed on them.
How did the devices come pre-installed with malware?
There have been two separate reports detailing how these mobile and television devices were allowed to be sold with malware already installed on them. The first report came from the security firm Trend Micro. The team at Trend Micro discovered that around 8.9 million Android phones came with malware known as Guerrilla already on the devices.
Guerrilla was first discovered and reported on by the security firm Sophos, and they found that the malware was active in 15 different apps available on the Google Play Store.
The second report, by a researcher at GitHub, found that several wildly popular Android TV boxes sold on Amazon, powered by two China-based companies, were intentionally and covertly shipped with malware. The affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10. The malware within them is capable of launching coordinated cyberattacks.
What does the malware on these devices do?
For the Android TV boxes, Guerrilla will report to a command-and-control server which then allows the cybercriminals to install any app they want onto the TV. It also will tap on ads in the background to generate advertising revenue.
Meanwhile, the Guerrilla malware has numerous capabilities on these devices. On Android devices, it opens a back door that forces the device to communicate with a remote command-and-control server to check if there are any new malicious updates for it to install. Every update collects more and more data about the owner of the device, and the threat actor then sells that data to advertisers. Guerrilla will also diminish the battery life of the device and worsen the owner’s overall user experience.
What do I do if malware is already on my device?
If you find that you already have malware pre-installed on your Android device, the best thing for you to do is immediately install antivirus software. Antivirus software will be able to detect and remove malicious software that has already been installed on your device and alert you to any phishing emails or ransomware scams. Plus, antivirus software will prevent you from clicking a malicious link that could install malware on your device in the first place.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to CyberGuy.com/LockUpYourTech
If you’re interested in purchasing an Android phone for the future, it might be best to consider brands like Samsung, Asus or OnePlus as there have never been reports of pre-installed malware for these higher-quality brands.
Disconnect from the internet
Turn off Wi-Fi and mobile data to prevent the malware from communicating with its command-and-control servers or downloading additional malicious content.
Restart your device in safe mode
Restart your device and enter safe mode. This mode disables third-party apps, including malware, allowing you to investigate and remove it more effectively. To restart your Android device and enter safe mode, you can follow these steps:
Settings may vary depending on your Android phone’s manufacturer
- Press and hold the Power button on your Android device until you see the power menu options
- Tap and hold the “Power Off” or “Restart” option on the screen. This will prompt a pop-up window asking if you want to reboot your device in safe mode
- Select the “OK” or “Restart in Safe Mode” option, and your device will restart
- Once your device boots up, you will notice the words “Safe mode” displayed on the bottom left or right corner of the screen, indicating that you are in safe mode
Note: To exit safe mode, simply restart your device as you normally would. Upon rebooting, your Android device will start in regular mode, and all your apps will be accessible again
Update your device and apps
Keeping your device and apps up to date ensures you have the latest security patches, which can help protect against malware. Settings may vary depending on your Android phone’s manufacturer.
Here’s how to update your phone:
- Go to Settings
- Scroll down to software update and tap it
- Hit download and install to check for any available updates
- Additionally, update your apps through the Google Play Store.
Here’s how to update your apps:
- Open the Google Play Store app on your Android device. The app’s icon typically resembles a colorful triangle
- Once the Play Store is open, tap your initial on the top right corner of the screen to open the menu
- In the menu, select “Manage apps and devices.” This will take you to the list of apps installed on your device.
- Tap updates available. You will see a list of apps with pending updates. To update all apps at once, tap on the “Update all” button. If you prefer to update specific apps, scroll through the list and individually tap the “Update” button next to each app you want to update.
Once the updates are complete, the apps will be up-to-date, and you can start using them with the latest features and bug fixes.
If you suspect that your accounts may have been compromised, change the passwords for your important accounts, such as email, social media and online banking, from a secure device. Be sure to create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts.
Consider using a password manager to securely store and generate complex passwords. First, it will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
What qualities should I look for in a password manager?
When it comes to choosing the best password manager for you, here are some of my top tips.
- Deploys secure
- Works seamlessly across all of your devices
- Creates unique complicated passwords that are different for every account
- Automatically populates login and password fields for apps and sites you revisit
- Has a browser extension for all browsers you use to automatically insert passwords for you
- Allows a failsafe in case the primary password is ever lost or forgotten
- Checks that your existing passwords remain safe and alerts you if ever compromised
- Uses two-factor authentication security
Check out my best expert-reviewed password managers of 2023 by heading to CyberGuy.com/Passwords
Kurt’s key takeaways
Research extensively if you’re searching for a new phone or TV. The last thing you want is to purchase a device that has been pre-installed with malware, so look up the brand you’re considering first to see if they have a history of this before making a purchase. Of course, there’s no guarantee, but being cautious and informed gives you a better chance that your purchase doesn’t bring you any unwanted surprises.
How alarming is it to know that Android phones and TV boxes are being sold with malware pre-installed? Should more be done about this? Let us know by writing us at CyberGuy.com/Contact
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to CyberGuy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.