Check Point Mobile Threat Prevention has released a report showing that many popular Android phones and tablets are being infected with malware and spyware before users were delivered their devices.

At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.

Some of the devices Check Point names are:

• Samsung Galaxy Note 2
• LG G4
• Samsung Galaxy S7
• Samsung Galaxy S4
• Samsung Galaxy Note 4
• Samsung Galaxy Note 5
• Samsung Galaxy Note 8.0 tablet
• Xiaomi Mi 4i
• Galaxy A5
• ZTE x500
• Samsung Galaxy Note 3
• Samsung Galaxy Note Edge
• Samsung Galaxy Tab S2
• Samsung Galaxy Tab 2
• Oppo N3
• Vivo X6 plus
• Asus Zenfone 2
• Lenovo S90
• Oppo R7 plus
• Xiaomi Redmi
• Lenovo A850

Mobile malware is on the rise, particularly on Android platforms since they have a wide user base and an open sourced operating system. Malware, short for malicious software, is software designed to secretly control a device, steal private information or money from the device’s owner. Malware has been used to steal passwords and account numbers from mobile phones, put false charges on user accounts and even track a user’s location and activity without their knowledge.

Most of the malware found to be pre-installed on the devices were info-stealers, according to Check Point Mobile Threat Prevention. However, in some cases, the security company found Slocker, a mobile ransomware and Loki Trojan, a spyware were installed on devices.

Slocker is a highly dangerous virus. The family of malware is designed by cyber criminals to get money, as well as information.

In some cases, the virus refers to a fake message from the Federal Bureau of Investigation. The pop up accuses the phone owner of illegal actions, like a breach of copyright, use of prohibited apps and watching child porn videos. The message says if the user wants to unlock their phone they must pay a fine. Some of the messages contain a count-down deadline.

Loki Trojan was first seen in February 2016. It infects the core Android operating system, gaining powerful root privileges. The trojan also includes spyware-like features, such as grabbing the list of current applications, browser history, contact list, call history, and location data.

Since the malware programs were installed to the device’s ROM using system privileges, it’s hard to get rid of the infections.

You have to either root your device and uninstall the malware or completely reinstall the phone firmware/ROM via a process called “flashing.” Flashing is a complex process, and it is recommended that users power off their device and approach a certified technician/mobile service provider.