OFFICIAL SECURITY BLOG
March 5, 2014 | BY Armando Orozco
A common theme when it comes to installing apps on Android is to stick to trusted and reputable sources.
Well, it seems that we might have to use that advice with device purchases. PCWorld reports that MDM firm Marble Security discovered malware on newly purchased devices belonging to a potential customer.
The malware was discovered in a fake Netflix app that was pre-installed on the devices, according to Marble Security.
There is no further information about the malware at this time, I wonder if it was installed at system level or user level.
If it’s a system app then the removal process is difficult, if user level it could be easily uninstalled. This information could help track at what point it was initially installed.
The devices were from popular manufactures like Samsung, LG and Motorola. There is no mention of who the supplier was, but it’s likely these were refurbished or used devices.
The malware could’ve been installed at any level of the distribution process, quite possibly unknowingly installed.
Apps that come pre-installed are often blindly trusted, as they probably should be, we often refer to them as bloatware and probably ignore them.
Ignoring makes sense, the logic there is, “If I don’t run ,it’s not a big deal.” Problem is, often those apps have services that have already been loaded, so the app is already running.
Malicious apps can be hidden anywhere, in our research we often see malware using the same digital certificates as legitimate apps bundled in custom ROMs. Its conceivable malware could make it into one of our favorite ROMs, using the digital cert to help validate itself. Unlikely, but something we have to consider.
This is another of those edge cases none of us will likely encounter, but it’s a reminder of how easily malware can be distributed and overlooked.