Trend Micro, a cybersecurity research firm, has uncovered a supply chain attack that has infected a substantial number of Android devices with infostealer malware, even before they leave the factory.
This attack, which affects not only budget smartphones but also smartwatches, smart TVs, and other smart devices, was presented by senior Trend Micro researcher Fyodor Yarochkin and his colleague Zhengyu Dong at a conference in Singapore.
The problem originates from the fact that smartphone manufacturers no longer produce all components in-house. Instead, they rely on third-party firmware suppliers to build firmware, which has become cheaper over time. However, as the price dropped, these suppliers found it increasingly difficult to monetize their products. Consequently, products started including undesirable additions in the form of “silent plugins,” as Yarochkin explained.
Trend Micro’s investigation examined numerous firmware images for malicious software and identified 80 distinct plugins. Some of these plugins were part of a broader “business model” that was openly marketed on mainstream social media platforms and blogs, and even sold on dark web forums.
These plugins possess the capability to steal sensitive information from the infected device, such as SMS messages, take control of social media accounts, engage in ad and click fraud, manipulate traffic, and more. Of particular concern is a plugin that allows the buyer to gain complete control of a device for up to five minutes and utilize it as an “exit node.”
Trend Micro estimates that nearly nine million devices worldwide have fallen victim to this supply chain attack, predominantly concentrated in Southeast Asia and Eastern Europe. While the researchers refrained from naming the perpetrators directly, China was alluded to on multiple occasions.
This discovery of the supply chain attack represents a significant threat to Android devices worldwide. It emphasizes the need for companies to maintain a vigilant approach to their supply chains, ensuring careful evaluation of all components before they are used.
Moreover, it highlights the importance of partnering with reputable suppliers and conducting routine security audits to identify and rectify any potential vulnerabilities.