Trend Micro discovers new supply chain attack

Share post:

Trend Micro has discovered a supply chain attack that infected millions of Android devices with infostealer malware even before they left the factory. The hack has also affected other smart products, such as smartwatches and smart TVs, raising concerns among consumers and industry experts alike.

Senior Trend Micro researcher Fyodor Yarochkin and colleague Zhengyu Dong blamed rivalry among original equipment manufacturers (OEMs). It appears that smartphone manufacturers outsource the creation of certain components, such as firmware, to third-party providers. These vendors, however, have failed to monetize their goods because to falling prices in the mobile phone firmware market.

As a result, according to Yarochkin, gadgets have begun to arrive with unanticipated modifications in the form of “silent plugins.” Many firmware images contain dangerous malware and 80 distinct plugins. Some of these plugins were part of a larger “business model” and were offered on dark web forums as well as conventional social networking platforms and blogs.

These plugins are capable of collecting personal information, intercepting SMS messages, hijacking social media accounts, committing ad and click fraud, and manipulating site traffic. One of the plugins gives customers complete control over a device for up to five minutes, allowing them to use it as a “exit node,” as The Register points out.

The sources for this piece include an article in TechRadar.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways