Some rogue retailers are unpacking brand-new mobile devices with the Android operating system, loading them with malicious software and selling them to unsuspecting buyers, a new report from security firm G Data said Tuesday.
“Over the past year we have seen a significant increase in devices that are equipped with firmware-level spyware and malware out of the box which can take a wide range of unwanted and unknown actions,” G Data Product Manager Christian Geschkat said in a statement.
The pre-installed spyware, which can’t be removed without unlocking the phone, is capable of accessing the Internet, reading and sending text messages, installing unwanted apps, accessing contact lists, obtaining location data and more, according to G Data.
Most of the infected phones appear to have been tampered with by middlemen in China, who inject their own advertising in order to turn a profit. Some of the devices are made by well-known international brands like Huawei and Lenovo.
Researchers also found a significant increase in strains of malware that target Android systems, up 25 percent from the first quarter to the second quarter of this year.
The firm estimates that there will be more than two million new malware apps by the end of the year.