Some Android Devices Found to Contain Pre-Installed Malware
Human Security’s Satori Threat Intelligence and Research Team “observed at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide” that shipped with malware already installed. The malware – a firmware backdoor known as Triada – connects to command-and-control servers.
This isn't anything fundamentally new. Low-cost devices have often been subsidized by additional software. It is worth noting, however, that "Android" is more than a smartphone operating system. For years, we have seen in our Internet Storm Center sensors attacks against TV sticks and similar devices running Android.
This is a good example to use for education/awareness for employees with remote access over some simple steps to reduce the risk of compromised devices (like the “cheap Android TV streaming boxes” detailed here). Home DNS filtering services can go a long way in impeding connections to the malicious actors’ command and control servers that are needed to make these attacks work.
Think beyond the smart phone/tablet to streaming and other IoT devices running the Android OS. Generally, these are knock-off devices, which appear to be a bargain, which have achieved that discount by partnering with others such as malware providers, for offsetting income. Purchase the name-brand devices, isolate them on appropriate segments, and limit their connectivity to only the services needed, to include updates. You may wish to blackhole DNS entries for unexpected sites they are trying to access.
The old adage proves true: you get what you pay for. In this case, cheap Android TV streaming boxes come preloaded with malware. When purchasing IT devices, do the research and buy from a reputable company. Yes, it may cost a bit more, but it is well worth it. Additionally, every home should use a free DNS filtering service like OpenDNS, Quad9, Cloudflare, and Google Public DNS, to block malicious websites.
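One way to act on the DNS advice in the comments above, as an added example that is not part of the original newsletter: the Python below scans dnsmasq query logs for lookups from an isolated IoT segment to domains outside an allowlist and emits dnsmasq blackhole entries for them. The log lines, the 192.168.50.0/24 segment and the allowlisted suffixes are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed dnsmasq query-log lines (log-queries format); all names and addresses are made up.
SAMPLE_LOG = """\
Oct 10 20:01:11 dnsmasq[412]: query[A] updates.vendor.example from 192.168.50.23
Oct 10 20:01:12 dnsmasq[412]: query[A] cdn.streaming.example from 192.168.50.23
Oct 10 20:01:15 dnsmasq[412]: query[A] c2-checkin.bad.example from 192.168.50.23
Oct 10 20:01:15 dnsmasq[412]: reply c2-checkin.bad.example is 203.0.113.9
Oct 10 20:02:40 dnsmasq[412]: query[AAAA] C2-Checkin.bad.example. from 192.168.50.23
Oct 10 20:03:02 dnsmasq[412]: query[A] news.site.example from 192.168.1.10
Oct 10 20:04:19 dnsmasq[412]: query[A] fakevendor.example from 192.168.50.31
"""

IOT_SEGMENT = ipaddress.ip_network("192.168.50.0/24")       # assumed isolated IoT VLAN
ALLOWED_SUFFIXES = ("vendor.example", "streaming.example")  # assumed needed services

QUERY_RE = re.compile(r"query\[(?P<type>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)$")

def is_allowed(name):
    """True if name equals an allowed suffix or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in ALLOWED_SUFFIXES)

def unexpected_queries(log_text):
    """Map each unexpected domain to the set of IoT-segment clients that asked for it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # reply, forwarded and cached lines carry no client address
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        name = m["name"].rstrip(".").lower()  # normalise case and trailing dot
        if src in IOT_SEGMENT and not is_allowed(name):
            hits[name].add(str(src))
    return dict(hits)

def blackhole_config(hits):
    """Render dnsmasq address= lines that answer each domain with 0.0.0.0."""
    return [f"address=/{name}/0.0.0.0" for name in sorted(hits)]

if __name__ == "__main__":
    found = unexpected_queries(SAMPLE_LOG)
    for name, clients in sorted(found.items()):
        print(name, sorted(clients))
    print("\n".join(blackhole_config(found)))
```

The suffix check requires a leading dot, so a lookalike such as fakevendor.example is not treated as part of the allowlisted vendor.example.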