Not all endpoints are created equal.
And according to new research, dozens of "cheap model" Android phones have been shipped with a known trojan built right in.
It also appears a company in Shanghai is linked to it.
Says AV firm Dr. Web: "In the past summer, following detection of Android.Triada.231, Doctor Web security researchers notified manufacturers who produced infected devices. However, new smartphone models continue getting infected with this malware. For example, it was detected on the Leagoo M9 smartphone that was announced in December 2017. Additionally, our analysts’ research showed that the Trojan’s penetration into firmware happened at the request of the Leagoo partner, the software developer from Shanghai."
The company now lists 40 Android models that its researchers say carry the trojan.
"The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box."
The trojan can carry out a variety of malicious activities without user intervention.
Dr. Web also says this lax attitude toward security (at best) or intentional act by bad actors (at worst) is likely widespread in the low-cost Android industry.
In some ways, this means the risk from your organization's endpoints could be the endpoint device itself.