Pre-Installed Malware Found on US Government-Funded Smartphones
Posted: August 17,2022
Android smartphones offered through a US government initiative for low-income users came with pre-installed Chinese malware.
Researchers at Malwarebytes Labs found that the $35 UMX U683CL smartphone came with two variants of malware - one that can collect data and install software without user consent and another that places unremovable ads.
The device is distributed by US federal cell phone provider, Assurance Wireless, through its Lifeline Assistance Program.
The first suspicious app detected is Wireless Update, which immediately starts downloading apps without the user’s consent. While none of the apps that it currently downloads are malicious, there’s no guarantee this won’t change in the future. The malware in question is a variant of Adups, which originated from a Chinese company known for collecting user data and other dubious practices.
The second bit of malware is a Trojan dropper that also originates from China. It infects the phone with the HiddenAds Trojan, which displays annoying ads on the lock screen.
The two variants of malware can only be partially disabled. Malwarebytes reached out to Assurance Wireless but have not received a response.
Your email address will not be published.
While Damjan started his career in humanities, his interests quickly moved on to the tech and IT world. VPNs, antiviruses, firewalls, password managers - cybersecurity is what he knows best. When Damjan’s not losing hair over the dwindling of our collective sense of tech safety, you’ll find him looking for solace in 100-hour-long RPGs and rage-inducing MOBAs.