Loki Malware Found Preinstalled In 38 Android Smartphone Models

It is pretty well known that Android devices are often the target of malware outbreaks due to the open nature of the software platform and also because it is by far the most prolific mobile operating system in use around the globe. In most cases, this malware finds its way onto a device after it is in the hands of its new owner, but a new report suggests that some Android smartphones are making their way to customers with dangerous software packages already installed.

Researchers at Check Point have discovered that malware has been found on 38 different Android models that were owned by a “large telecommunications company and a multinational technology company”. What’s most interesting is that the malware was found to be installed on the devices when the two companies took possession of the devices.

Image Source: Bianca Moraes/flickr

According to Check Point, this latest case of malware being installed on brand new devices is quite alarming in its scope. “The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain,” writes Check Point’s Oren Koriat. “Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”

Some of the malicious software found in the devices includes Slocker, which is a nasty ransomware package that uses AES encryption to obfuscate your personal details and Loki, which can take full control of your device and use its nefarious hooks to make money using rogue advertisements.

Koriat goes on to say users that receive an Android device with preinstalled malware might not even notice that they are being compromised until it is too late. And given that the two aforementioned companies only found about the exploits through the use of a security audit, it is imperative that all Android users take additional steps to ensure that they devices are safe and free of infections.


Users are urged to “implement advanced security measures capable of identifying and blocking any abnormality in the device’s behavior.” In other words, install a malware scanner as soon as you take possession of a device to make sure that you are in the clear.

According to Check Point, this is just a sample of some of the models that were found to have malware already present when delivered:

  • ASUS Zenfone 2
  • Lenovo A850
  • Lenovo S90
  • LG G4
  • Google Nexus 5
  • Google Nexus 5X
  • Oppo N3
  • Oppo R7 plus
  • Samsung Galaxy A5
  • Samsung Galaxy Note 2
  • Samsung Galaxy Note 3
  • Samsung Galaxy Note 4
  • Samsung Galaxy Note 5
  • Samsung Galaxy Note 8.0
  • Samsung Galaxy Note Edge
  • Samsung Galaxy S4
  • Samsung Galaxy S7
  • Samsung Galaxy Tab 2
  • Samsung Galaxy Tab S2
  • Vivo X6 plus
  • Xiaomi Mi 4i
  • Xiaomi Redmi
  • ZTE x500