This is bad, bad news….
“A Naked Security story reports that Checkpoint analyzed Android devices owned by two large companies, and found malware infections in 36 of them. The users hadn’t downloaded the malware – they arrived with the devices, meaning that they were installed somewhere along the supply chain.
The malware in the phones ranged from adware that displayed illegitimate commercials to information stealers. There was even a mobile ransomware instance lurking on some of the phones. In this case, attackers installed malware on device ROMs using system privileges, meaning that the user couldn’t get rid of it.
So you might not want to look at that box with utter glee that your new phone is here. It may have come with “a little something extra.””
How could an end-user avoid that kind of hack? There’s really nothing you could do, the device was hacked before it even got to you, and how could you not enter your information on your own phone? Ugh…