“Dirty” devices…fresh out the box!
Android devices, after being unpacked, have been found to have malware. The devices were not sold via retail outlets. But this is an example of why no device can be considered absolutely safe…anyone can be vulnerable when it pertains to issues of security.
“The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.
“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/