The backdoor installed on Android devices

In July 2019, US digital giant Google confirmed that some devices had been corrupted by a backdoor during factory manufacturing.

According to Google, during the manufacture of some Android devices, malicious actors installed backdoors with the intention of using them once the devices were in circulation.

This revelation followed several years of analysis by Google's specialists. The backdoors involved are malware from the "Triada family," known in the cybercrime community since 2016 for being used to place spam and advertising on Android devices. According to Lukasz Siewierski, a member of the US firm's Android Security & Privacy team: "Triada infects the device's system images via a third party during the production process. Sometimes OEMs want to include features that are not part of the Android Open Source Project, such as face unlocking. The OEM may partner with a third party who can develop the desired functionality and send the full system image to this supplier for development."

This program then lets those responsible install multiple pieces of malicious software on smartphones at the manufacturing plants, before users ever touch them. The discovery of this pre-installed malware began in 2017, on some Android mobile devices such as these smartphones:

  • Leagoo (M5 plus and M8 models)
  • Nomu (S10 and S20 models)

The vulnerability was identified by cybersecurity firm Dr. Web. According to the company's engineers, the attackers' aim was to take control of infected phones once they were in circulation. The malware used to attack the smartphone once it is in circulation is tied to Zygote, the Android process that launches applications. "Libandroid_runtime.so is used by all Android applications, which means that the malware ends up being injected into the memory area of all applications in operation," Dr. Web's engineers explained, adding that "the main function of this malware is to download additional malicious components."

Given the way the programs were installed, they are tied to the operating system itself, making them immune to standard fixes or security patches. This means that, regardless of any protection or update, the attackers could be sure of continuing to use their program to infiltrate these smartphones and steal data from them.

However, Google assured in a blog post that it is doing everything possible to ensure the threat is permanently removed: for some time, the American firm has been working with the manufacturer to permanently remove from the firmware all traces of the software originally used for the infections.
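Because the infection enters when a supplier returns the full system image and then survives ordinary updates, the place to catch it is before the image is flashed. The following is an added example, not code from Google, Dr. Web or this article: it compares the unpacked image an OEM sent with the one a supplier returned and reports every change outside the paths the contracted feature may touch. The directory layout, the `allowed_prefixes` parameter and the sample files are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_returned_image(sent_root, returned_root, allowed_prefixes):
    """List (kind, path) for changes outside the paths the feature may touch."""
    sent, returned = manifest(sent_root), manifest(returned_root)
    findings = []
    for path in sorted(set(sent) | set(returned)):
        if path not in sent:
            kind = "added"
        elif path not in returned:
            kind = "removed"
        elif sent[path] != returned[path]:
            kind = "modified"
        else:
            continue  # byte-identical in both images
        if not any(path.startswith(prefix) for prefix in allowed_prefixes):
            findings.append((kind, path))
    return findings

def demo():
    """Run the audit on two constructed trees standing in for unpacked images."""
    def build(root, files):
        for rel, data in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    # Constructed sample content, not real firmware.
    base = {"system/lib/libandroid_runtime.so": b"oem build",
            "system/app/Settings/Settings.apk": b"settings"}
    returned = {**base,
                "system/lib/libandroid_runtime.so": b"oem build plus extra code",
                "system/app/FaceUnlock/FaceUnlock.apk": b"contracted feature",
                "system/bin/extra_service": b"not part of the contract"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build(a, base)
        build(b, returned)
        return audit_returned_image(a, b, ["system/app/FaceUnlock/"])

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

Any finding on a core library such as `libandroid_runtime.so` should block the image from release until the change is explained.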