A report published Friday by Check Point Software Technologies found malware pre-installed on a large amount of high-end Android smart phones. In total, Check Point found 36 different types of Android phones were infected with the malware. The smart phones were being distributed by two currently unidentified companies.

The malware found was in the form of malicious applications installed on the devices. The malicious apps weren’t part of the official ROM firmware supplied by the phone manufactures, but were added later along the supply chain. In several of the cases, the applications were installed on the ROM using system privileges, which indicates that the phones firmware had been flashed.

“This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it,” Check Point Mobile Threat Researcher Daniel Padon said. “This should be a concern for all mobile users.”

Two families of malware were found on the infected devices: Loki and SLocker. The Loki Trojan injects devices right inside core Android operating system processes to gain powerful root privileges. The trojan also grabs a list of current applications, browser history, contact list, call history, and location data from the phones. Another application found was a mobile randsomware named “Slocker”, which uses Tor to conceal the identity of its operators.

Check Point has stated that they are unsure if the two companies were targeted or if this was part of a larger scale attack that could potentially effect a larger portion of smart phone consumers around the globe.

List of Popular Smartphones Infected with Malware:

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • LenovoS90
  • OppoR7 plus
  • Xiaomi Redmi
  • Lenovo A850


Due to the fact that these malicous apps were installed on the phone’s ROM using system privileges, there is not an easy solution. The two possible solutions carry great risk to the user’s device, which can cause them to become useless (or bricked). We suggest users contact their phone distributor/manufacture to request advice on how to remove the malware.


Posted by Shawn Thornton

My name is Shawn and my professional background is in Project Management and Information Technology. I received my Bachelor of Science in Management and Marketing from the Merrick School of Business at the University of Baltimore. I am currently attending school to prepare me for a Master’s program in Cyber Security. I enjoy anything tech.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s