Security researchers at Check Point Software Technologies recently reported finding instances of malware that came preinstalled on Android devices.

The security research firm—and producer of a mobile virus protection app—published a blog post detailing its findings, which included 36 infected devices. According to their findings, the malicious software wasn't included in the firmware from the phone manufacturers but was added at some point in the supply chain before the device was in the hands of a customer. 

The malware is far from the typical bloatware that phone makers and mobile carriers often install on a device. The programs that were pre-loaded onto the device were able to steal user information and displayed ads from renegade advertising networks. 

One of the most notable malicious ad-displaying attacks, known as Loki, used illegitimate advertisements to generate revenue while stealing data about the device and continually gaining access to the device's system privileges. Over time, it can take full control of the device to continue its operation.

In six of the cases that Check Point researchers identified, the malicious software was installed using system privileges, meaning the only way for a user to completely disinfect their device is to reinstall the firmware and start fresh. 

The following devices were found to be infected:

  • Galaxy Note 2
  • LG G4
  • Galaxy S7
  • Galaxy S4
  • Galaxy Note 4
  • Galaxy Note 5
  • Galaxy Note 8
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Galaxy Note 3
  • Galaxy Note Edge
  • Galaxy Tab S2
  • Galaxy Tab 2
  • Oppo N3
  • vivo X6 plus
  • Asus Zenfone 2
  • LenovoS90
  • OppoR7 plus
  • Xiaomi Redmi
  • Lenovo A850

Check Point originally suggested a Nexus 5 and 5X were also found to be infected, but it has since retracted those findings. 

Samsung devices appear to have been hit hardest by the pre-installed malware, with the Android application package (APK) com.lu.compass affecting the company's flagship Galaxy S3 and Galaxy S4 devices.

The existence of pre-installed malware isn't entirely new for Android devices; Last year, researchers discovered secret backdoors installed on thousands of Android devices manufactured by American phone maker BLU. A separate team of researchers also found a different backdoor present on more than 3 million Android devices. Those backdoors were intended for over-the-air updates for devices, not malicious purposes.

Still, the threat of malware infecting a device before a consumer has the opportunity to turn it on for the first time presents a troubling precedent for Android users, as even taking every precaution to protect their device—like installing an anti-virus and only downloading trusted apps from the Google Play Store—may still be at risk.