Security firm finds bundled malware on Xiaomi Mi 4

Bluebox, a company that offers security software for mobile phones, discovered that malware is included on Xiaomi Mi 4. The manufacturer responded by stating that malicious parties have probably modified the software.

The security company bought a Xiaomi Mi 4 in China through an unofficial retailer and examined the device. It turned out that, among other things, a trojan is included. The list of applications also included software that injects advertisements into other apps. Notably, the adware named Yt Service masquerades as a Google app with the package name

Bluebox also discovered that there is a secret partition on the smartphone that contains a number of modified apps. Among other things, the benchmark application Cpu-Z was found, but it was not digitally signed by the original maker. The Android operating system that runs on the smartphone also seems to have been modified: root access was available by default and there is uncertainty about which build of Android it concerns.

Xiaomi responded to the findings by saying that the software was likely modified after the smartphone left the factory. It is possible that the Xiaomi Mi 4 in question was sold by malicious parties who put malware on the device before reselling it.

Importing Chinese smartphones is something that has gained popularity in recent times. Xiaomi is one of the most famous Chinese manufacturers. This also makes consumers vulnerable to sellers with malicious intent. Incidentally, it is known that Chinese sellers sometimes supply fake versions of smartphones.