Supply-Chain Malware Embedded in Android Devices Highlights Mobile Risk

An investigation found sophisticated supply-chain malware pre-installed on Android devices during manufacturing and distribution. The malicious code lives at a low system level, enabling persistent data exfiltration, remote command execution, and unauthorized access while bypassing app-store vetting and user consent; the report urges verifying device integrity, enforcing secure boot, and monitoring mobile fleets.