Being infected with malware after installing an app from an untrusted third-party app store is one thing, but having a brand new box-packed phone pre-loaded with malware is altogether a different ball game. Researchers of a security company have claimed that they have come across multiple instances of brand new phones loaded with malware from four different vendors including Samsung, LG, Motorola and Asus.
Researchers over at Marble Security received complaints from its customers of a Netflix app that came pre-installed with the phones and wasn’t working. On performing a static analysis, researchers found that the app wasn’t indeed the real one and it was infact connecting to hacker controlled servers in Russia sending out confidential information such as usernames, passwords, credit card information among other things.
“We’re like, yeah, this isn’t the real Netflix,” said David Jevans, CTO and founder of Marble Security.
“You’ve got one that has been tampered with and is sending passwords and credit card information to Russia.”
The company found instances of pre-loaded rouge Netflix apps on Samsung GT-N8013 Galaxy Note tablet, the SGH-1727 Galaxy S III phone, the SCH-1605 Galaxy Note 2 phone, the SGH-1337 Galaxy S4 phone, the SGH-1747 Galaxy S III phone and the SCH-1545 Galaxy S4 phone notes PC World.
There were instances of wherein the fake app was also found on Motorola Droid Razr, Droid 4 and Droid Bionic; Asus Eee Pad Transformer TF101 and the Memo Pad Smart MT301; and LG’s Nexus 5.
Samsung denied anything to do with a preloaded Netflix app and Netflix has denied to comment on the matter.