It feels like we're seeing news about Android malware much more often these days, often in relation to Google's increasingly poor grip on Play Store apps' security. But more often than not that type of malware comes from third parties with no real access to users' devices.
Not this time, though: according to researchers at Dr. Web, a particular Trojan strain named Triada has been discovered on several cheap, Chinese-made devices. The major difference, however, is that rather than infect users from the outside, Triada actually comes pre-installed on their devices. And since it comes loaded into a major Android system library, it has access to any application currently running on the phone.
As for the offenders, the researchers name four specific devices from two manufacturers: the Leagoo M5 Plus and M8, and Nomu S10 and S20. Sure, both of these companies aren't exactly household names, but as of writing, all of the devices mentioned can still be freely purchased through Amazon. And seeing as ultra-cheap phones are often some of the best-selling devices on the site, this has serious implications for the end consumer.
In a similar case, U.S. phone maker Blu had its devices removed from Amazon's Prime exclusive program due to a recent report on their potentially risky data-sharing behavior. Blu, however, is publicly refuting these claims, and argues that its Chinese partner's data collection is intended for OTA update purposes only.
Dr Web stops short of claiming Leagoo and Nomu are to blame for the malware, instead suggesting individuals inside the respective companies or their partners are responsible instead. It has also reportedly notified the two manufacturers of the issue, and recommends users to install any future software updates. Regardless of who did it, though, the end result is the same: devices are getting sold pre-installed with malware.