This low-end smartphone comes with unremovable Chinese malware in US

Unremovable malware found preinstalled on low-end smartphone sold in the US

Low-end smartphones sold to Americans with low-income via a government-subsidized program contain unremovable malware, security firm Malware bytes said today in a report.

At the heart of the controversy is the Unimax (UMX) U686CL. Security vendor Malwarebytes discovered the handset ships with the Adups malware installed.

While all of the installed apps Malwarebytes examined were clean and free of malware, the presence of a feature that automatically installs apps poses an unacceptable risk, particularly since removing the feature prevents the phone from receiving updates.

But Malwarebytes said there is a second risky component in these phones.

"Budget should not dictate whether a user can remain safe on his or her mobile device". Qualifying customers can get the phone for as little as $35, but they're also getting some potentially nasty malware.

However, according to security researchers, the provided Android phones come with previously installed Chinese malware, which allows personal information and data held on the phones to be accessed through a backdoor onto the device.

Researchers highlighted their concerns in a paper a year ago, identifying variants of well-known malware families loaded into pre-installed apps supplied in predominately low-end range phones. "To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own".

Specifically, the "Wireless Update" Android application on the phone is meant to provide updates to the Android operating system, but Collier wrote that "it is also capable of auto-installing apps without user consent".

In addition to a variant of Adups, Malwarebytes also found a second malicious app on the UMX U686CL that contained code written in Chinese characters.

Adups was criticized in 2016 and 2017 for secretly collecting user data via pre-installed apps that can't be removed without creating problems for the host device.

Malwarebytes researchers said they couldn't confirm that Unimax was the party that added the malware to the devices.

This might be another case where malware was added to devices by third-parties involved in a smartphone's supply chain - while the devices travel from the phone maker to a buyer.

Malwarebytes said that although the device is "not a bad phone", the presence of the two malware-infected apps makes the smartphone worthless and even unsafe for its users.

Android/Trojan.Dropper is a malicious app that contains additional malicious app (s) within its payload.

The other, even more egregious malware pre-installed on the phone is none other than the Settings app.

"From the moment you log into the mobile device, Wireless Update starts auto-installing apps".

Malwarebytes says it has informed Assurance Wireless of its findings, but has never heard of the company. A request for comment that ZDNet sent two days ago has not been returned either.



Other news