Two years after being ousted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.
News of this group first surfaced
after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply-chain of several mobile carriers, infecting phones with malware.
At the time, experts said they found malware in the firmware of at least 26 low-cost Android smartphone and tablets models. Once ousted, Dr.Web hoped crooks would pack up and move on to another operation.
Crooks expand operations and infect more devices
But in a report released yesterday, cyber-security firm Avast says the group has never ceased operations and has continued to poison the firmware of more and more devices, growing their operation many times over.
Avast published
a list of over 140 Android smartphones and tablets on which it says it found the group's malware —which they named Cosiloon.