Breaking News

Push the Edge with UP Xtreme Lite Dell to out new S2721DGF Monitor, HDR400 2560x1440 at 144 Hz Sony announces ‘Ready for PlayStation®5’ for current BRAVIA™ TVs Panasonic Releases RAW Video Data Output over HDMI Firmware for LUMIX S1H Sony Announces World’s First CFexpress Type A Memory Card with High-speed Performance and Tough Durability

logo

US Government-funded Phones Come Pre-installed with Unremovable Malware: Malwarebytes

US Government-funded Phones Come Pre-installed with Unremovable Malware: Malwarebytes

Smartphones 0

Mobile phones offered to low-income families via a US government scheme come preloaded with Chinese malware, according to a security company Malwarebytes.

United States–funded mobile carrier Assurance Wireless, which is owned by Virgin Mobile, offers phones via the Lifeline Assistance program amd it selling a mobile device pre-installed with two malicious applications, Malwarebytes discovered.

Assurance Wireless offers the $35 UMX U686CL phone as their most budget conscious option.

Malwarebytes said it saw several complaints from users with a government-issued phone reporting that some of its pre-installed apps were malicious.

The security firm informed Assurance Wireless of its findings but says it never heard back.

The first questionable app found on the UMX U686CL poses as an updater named Wireless Update, an app capable of updating the mobile device (OS). Conversely, it is also capable of auto-installing apps without user consent.

Malwarebytes detects this app as Android/PUP.Riskware.Autoins.Fota.fbcvd, a detection name that should sound familiar to Malwarebytes for Android customers. That’s because the app is actually a variant of Adups, a China-based company caught collecting user data, creating backdoors for mobile devices and, yes, developing auto-installers.

From the moment you log into the mobile device, Wireless Update starts auto-installing apps. While the apps it installs are initially clean and free of malware, these apps are added to the device with zero notification or permission required from the user.

Another unremovable pre-installed malicious app found on the UMX U686CL phone is the mobile device’s own Settings app, which functions as a heavily-obfuscated malware detected by Malwarebytes as Android/Trojan.Dropper.Agent.UMX. Because the app serves as the dashboard from which settings are changed, removing it would leave the device unusable.

According to Malwarebytes, Android/Trojan.Dropper.Agent.UMX shares characteristics with two other variants of known mobile Trojan droppers.
The only difference between the two codes are their variable names. The more discernible variant of this malware uses Chinese characters for variable names. Therefore, Malwarebytes assumes the origin of this malware is China.

In addition to the malware being of Chinese origin, it’s noteworthy to mention that this UMX mobile device is made by a Chinese company as well.

Related Posts

0 Comments

Leave a Reply

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

BBCode

  • No HTML tags allowed.
  • You may use these tags: [abbr], [acronym], [b], [center], [code], [color], [define], [font], [h1], [h2], [h3], [h4], [h5], [h6], [hr], [i], [img], [justify], [left], [list], [node], [php], [quote], [right], [s], [size], [sub], [sup], [u], [url], [wikipedia], [youtube], [align], [link], [ol], [ul]
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.