Pre-Installed Malware

Security researchers have found pre-installed malware in budget Android phones that are sold in the U.S. However, this is not the first time this sort of malware has been found by the security research team.

Earlier, in January, researchers from Malwarebytes detected unremovable Chinese malware on the Unimax U683CL, the cheapest smartphone offered under the Lifeline Assistance program.

Lifeline Assistance is backed by the federal Universal Service Fund, a government program begun in 1985 to provide discounted phone service to low-income households.

The security team at Malwarebytes has now discovered malware in the UL40 running Android OS 7.1.1. Nathan Collier, one of the team's security researchers, affirmed that after January’s report, members of the company asserted that a variety of ANS phone models were experiencing the corresponding problems.

Types of Infection

The malware found in the UL40 is embedded, as on the Unimax U683CL, in both the “Settings” app and the “WirelessUpdate” feature.

The experts also stated that the two phones do not carry the same malware. The researchers detected a Trojan in the “Settings” app of the ANS UL40 smartphone, but they could not determine the exact function of the malware.

Settings

  • Package Name: com.android.settings
  • MD5: 7ADA4AAEA49383499B405E4CE0A9447F
  • App Name: Settings
  • Detection: Android/Trojan.Downloader.Wotby.SEK

The ANS UL40 smartphone examined by Malwarebytes did not include a SIM card, which the researchers think may be the reason the Trojan was not carrying out any malicious activity.

The researchers also detected malware in the “WirelessUpdate” feature, which enables the device to accept over-the-air updates to the operating system or the apps. It was classified as a Potentially Unwanted Program, or PUP, that appears to serve up undesired ads to the user.

WirelessUpdate

  • Package Name: com.fota.wirelessupdate
  • MD5: 282C8C0F0D089E3CD522B4315C48E201
  • App Name: WirelessUpdate
  • Detections: Three variants of Android/PUP.Riskware.Autoins.Fota
  • Variants .INS, .fscbv, and .fbcv
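
The following is an added example, not code from the article or from Malwarebytes: a way to check a device's package inventory against the Settings and WirelessUpdate indicators listed above. It assumes the inventory comes from `adb shell pm list packages -f` and that the APKs have been pulled for hashing; the sample paths and the function names are constructed for illustration.

```python
import hashlib

# Indicators copied from the two lists above: package name -> (MD5, detection).
INDICATORS = {
    "com.android.settings": ("7ADA4AAEA49383499B405E4CE0A9447F",
                             "Android/Trojan.Downloader.Wotby.SEK"),
    "com.fota.wirelessupdate": ("282C8C0F0D089E3CD522B4315C48E201",
                                "Android/PUP.Riskware.Autoins.Fota"),
}

def parse_pm_list(text):
    """Parse `pm list packages -f` lines: package:<apk path>=<package name>."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue
        # The APK path may itself contain '=', so split on the last one.
        path, name = line[len("package:"):].rsplit("=", 1)
        packages[name] = path
    return packages

def md5_of_file(path, chunk=1 << 16):
    """MD5 of a pulled APK, read in chunks, upper-cased like the lists above."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()

def classify(package, md5_hex):
    """Return (verdict, detection) for one installed package and its APK hash."""
    if package not in INDICATORS:
        return ("not-listed", None)
    known_md5, detection = INDICATORS[package]
    if md5_hex is not None and md5_hex.upper() == known_md5:
        return ("match", detection)
    # Name alone proves nothing: every Android build ships com.android.settings.
    return ("name-only", None)

# Constructed sample of `pm list packages -f` output (paths are made up).
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/WirelessUpdate/WirelessUpdate.apk=com.fota.wirelessupdate
package:/data/app/org.example.notes-1/base.apk=org.example.notes
"""

if __name__ == "__main__":
    for name, path in parse_pm_list(SAMPLE).items():
        print(name, path, classify(name, None))
```

A "name-only" result means the package should be pulled and hashed before drawing any conclusion; a hash that differs from the listed one may still be another variant.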

Devices infected

This pre-installed malware has infected both devices, in both cases in system apps, but the malware variants on the U683CL and the UL40 differ from each other.

Both devices were affected through their Settings and WirelessUpdate features. The earlier malware report and the recent one affirm that only two devices were infected by this kind of malware.

Mitigations

According to the researchers of the ANS, they will soon find a proper solution to fix this unwanted malware. When the U683CL’s malware issue was reported in January, UMX eliminated the malicious apps.

There are some differences in the features of the Unimax U683CL and UL40, but the experts said that this time it is not as severe as before. They are still working on a solution and will soon resolve it.

More importantly, the experts did not detect any sign of malicious apps in a third-party store that is connected to the software, but they said this does not mean that malicious apps could not be added or find their way into the store.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.