The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik -- BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country. The BSI said the phones' firmware contained a backdoor trojan named Andr/Xgen2-CY. The malware can be removed just via a firmware update issued by the phone makers. The BSI warns that users of these devices are now at risk of having other malware pushed to their devices from the malware's control servers, such as ransomware, banking trojans, or adware. In December 2016, security researchers from Dr.Web found an downloader for Android malware embedded in the firmware of 26 Android smartphone models. In March 2018, the same Dr.Web found the same Triada trojan embedded in the firmware of 42 other Android smartphone models.