The devices are compromised right out of the box.
You could be the most diligent person when it comes to online security and follow all the experts' best cybersecurity advice to a tee, but you could still be afflicted with malware when it comes preinstalled on your smartphone.
Avast Threat Labs released a report Thursday detailing a new scam where adware is preinstalled in Android devices before the consumer even get their hands on them.
The Android phones in question are not certified by Google and made by manufacturers such as ZTE, Archos and myPhone. Countries including France, Germany, Italy, Russia and the U.K. are where most reported incidents have occurred, but a few incidents have been reported in the U.S.
So what are these malware-riddled phones doing to users? The adware causes constant pop-up ads for sketchy games. If a user happen to download these games, things get a lot worse, Engadget reports.
"The adware has been active for at least three years, and is difficult to remove as it is installed on the firmware level and uses strong obfuscation," write Vojtech Bocek and Nikolaos Chrysaidos of Avast Threat Labs.
Avast says it has reported the malware to Google, and the tech company says it has taken steps to prevent this from happening again, including updating Google Play Protect.
So if you're in the market for a new smartphone, be careful what you buy. It could be trouble before you even turn it on.