Apparently security researchers have scanned a number of smartphones from the major manufacturers and found 36 types that came with malware pre-installed.
The malware didn't come from Google, Samsung, or any of the manufacturers. Rather it was installed somewhere along the supply-chain before it arrived at the distributer's warehouse. The two malware applications found were Loki and SLocker. Loki is a back-door app that gives the attackers full access to the phone and all data on it; and SLocker is a ransomware app.
How would you feel knowing that your new Android smartphone was already pre-installed with ramsomware, and the attackers are just waiting for you to get a bunch of valuable data on it, before locking it down and demanding a $1000 ransom, payable only in bitcoin?
Would purchasing your phone from a known entity like Best Buy help to mitigate the risk? I don't know and I'm not sure anyone does at this time.
Here's the list of smartphones found to be pre-infected:
|Galaxy Note 2
||Galaxy Tab S2
||Galaxy Tab 2
|Galaxy Note 4
||Vivo X6 plus
|Galaxy Note 5
|Xiaomi Mi 4i
||Asus Zenfone 2
|Galaxy Note 3
|Galaxy Note Edge