Researchers spotted unremovable malware that was pre-installed on a low-end smartphone being sold in the US. According to Malwarebytes, Assurance Wireless by Virgin Mobile, a US-funded mobile carrier, sold an affordable Android device pre-installed with unremovable malware. The mobile device in question -- UMX U686CL -- is available for $35 under the government-funded program called Lifeline Assistance. The smartphone is made in China.
In October 2019, cybersecurity researchers at Malwarebytes came across multiple complaints from users with a government-issued phone reporting that some of its pre-installed apps were malicious. Following the investigation, researchers reached out to Assurance Wireless but did not hear back from the company.
"We informed Assurance Wireless of our findings and asked them point blank why a US-funded mobile carrier is selling a mobile device infected with pre-installed malware? After giving them adequate time to respond, we unfortunately never heard back."
Researchers found that one of the pre-installed apps, named Wireless Update, poses as an updater. It is capable of updating the mobile device, and it is also capable of auto-installing apps without user consent. Researchers further revealed that the app is a variant of Adups, the work of a China-based company caught collecting user data, creating backdoors for mobile devices and developing auto-installers.
The app is not only malicious but also unremovable, researchers said in their blog post, so users cannot uninstall it. What's more, the phone's Settings app also functions as "heavily-obfuscated malware."
Apart from the malware originating in China, the device is also manufactured by a Chinese company.
"In addition to the malware being of Chinese origin, it’s noteworthy to mention that this UMX mobile device is made by a Chinese company as well. This could simply be a coincidence rather than explicit malcontent—we cannot confirm if the makers of the device are aware there is Chinese malware pre-installed," Malwarebytes said.
No immediate fix was available when the findings were published, other than uninstalling Wireless Update or uninstalling pre-installed apps, steps that involve certain repercussions.