More than 40 models of budget-priced Android smartphones leave the factory containing a modifiable Trojan. This can be used to spy on e-banking apps and is very difficult to remove.
If you own a budget-priced Android smartphone or are thinking of buying one, you should really have a look at this list of the Dr. Web antivirus software supplier. This details devices by different manufacturers which incorporate the “Android.Triada.231” Trojan.
Their security researchers have discovered over 40 models of these devices leaving the factory already infected. According to Dr. Web, there is however a chance that other types of smartphone may be contaminated, too. The Trojan sits inside the devices’ firmware and is able to manipulate any apps you run, and can also download additional modules to add further functionality. This will for instance enable this malware to spy on banking apps.
It is not quite clear how this Trojan managed to enter these phones’ firmware. To remove it, you have to run a complete reset of your smartphone and then install a clean Android image, which is difficult to do in practice though.