Advertisement

Updated January 10th, 2020 at 16:10 IST

US government funded phone comes with pre-installed, unremovable malware from China

Researchers spotted unremovable malware from China that was pre-installed on a low-end smartphone being sold in the US. Here is everything you need to know.

Reported by: Tech Desk
Smartphones
| Image:self
Advertisement

Researchers spotted unremovable malware that was pre-installed on a low-end smartphone being sold in the US. According to Malwarebytes, a U.S funded mobile carrier Assurance Wireless by Virgin Mobile sold an affordable Android device pre-installed with unremovable malware. The mobile device in question -- UMX U686CL -- is up for grabs at an affordable price of $35 under the government-funded program called Lifeline Assistance. The smartphone is made in China.

In October 2019, cybersecurity researchers at Malwarebytes came across multiple complaints from users with a government-issued phone reporting that some of its pre-installed apps were malicious. Following the investigation, researchers reached out to folks over at Assurance Wireless but did not hear back from the company.

"We informed Assurance Wireless of our findings and asked them point blank why a US-funded mobile carrier is selling a mobile device infected with pre-installed malware? After giving them adequate time to respond, we unfortunately never heard back."

READ | Hospital tells patients to monitor bank statements after malware infection

Findings

Researchers found out about one of the pre-installed apps posing as an updater named Wireless Update, which is capable of updating the mobile device. As a result, it is also capable of auto-installing apps without user consent. Researchers further revealed that the app is a variant of Adups, a China-based company caught collecting user data, creating backdoors for mobile devices and developing auto-installers.

The app is not only malicious but also unremovable, researchers said in their blog post, further preventing users from uninstalling the app. What's more, the phone's Settings app also functions as a "heavily-obfuscated malware."

Apart from the malware being originated from China, the device is also manufactured by a Chinese company.

"In addition to the malware being of Chinese origin, it’s noteworthy to mention that this UMX mobile device is made by a Chinese company as well. This could simply be a coincidence rather than explicit malcontent—we cannot confirm if the makers of the device are aware there is Chinese malware pre-installed," Malwarebytes said.

There was no immediate fix available at the time of publication of the findings, other than uninstalling wireless updates or uninstalling pre-installed apps that involve certain repercussions.

Advertisement

Published January 10th, 2020 at 16:10 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement

Trending Quicks

Advertisement
Advertisement
Advertisement
Whatsapp logo