Security firm G Data claims it discovered as many as 26 different smartphone models in the retail channel with pre-installed malware. This include phones from popular Chinese smartphone makers like Xiaomi, Huawei and Lenovo, but also lesser known brands.
The malware is disguised as popular Android apps and can spy on users or inject ads. Unfortunately, it can not be easily removed without rooting the phone because it resides in the phone's firmware.
G Data says the phones are not leaving the factory with malware pre-installed, it appears the installation is performed by middlemen in China.
“Over the past year, we have seen a significant [growth]in devices that are equipped with firmware-level [malware and spyware]out of the box which can take a wide range of unknown and unwanted actions,” Product Manager Christian Geschkat from G Data said in a statement.