Imagine that, despite the extreme care you took to avoid threats from infecting your devices, they turned out to be infected anyway. However, what if the device had been infected before you had even gotten your hands on it?

This is the situation that two companies found themselves in after security researchers discovered malware on 40 different company-owned devices. The firm that made the discovery, Check Point, also determined that the malware had been installed at some point while the devices were still in the supply chain. Many of the devices required a full reinstall to get rid of the malicious programs, as system privileges were used to install them.

These devices included:

  • Galaxy Notes 2, 3, 4, and 5
  • Galaxy Note Edge
  • Galaxy Tab 2 and S2
  • Galaxy S7 and S4
  • Galaxy A5
  • LG G4
  • Xiaomi MI 4i and Redmi
  • ZTE x500
  • Opportunities N3 and R7 Plus
  • Vivo X6 Plus
  • Nexus 5 and 5X
  • Asus Zenfone 2
  • Lenovo S90 and A850

Many of these devices were found to have many varieties of malware installed on them. While most were ad displaying programs and information-stealing varieties, both the Loki malware and Slocker mobile ransomware were also discovered.

These two companies, who have not been named, are by no means the first examples of production-stage malware installations. However, it does provide an excellent opportunity to revisit the importance of having all devices used for business purposes thoroughly vetted before putting them to use.

These unnamed companies serve as cautionary tales for businesses everywhere: you can never be too diligent in securing your technology. It is evident that malware distributors may be found everywhere, and they can be resourceful as they find new ways to introduce their tools into your systems. Also, this doesn’t mean if you have one of these devices, it’s definitely a risk to your data, but it is important to be aware that even a brand new device can already be infected, so centrally controlling access to your company data is very important.

What do you think? Are you concerned about the prospect of pre-installed malware being present in your company devices? Share what you think with us in the comments section.

April 7, 2017
Directive