A recent security report reveals that a particular Chinese smartphone brand pre-installs malware on its devices.
According to the report, the Chinese smartphone manufacturer Transsion is responsible for this. The company is well-known for developing highly affordable smartphones. However, it appears that the company is installing malware on its devices.
The malware
The malware does not cause any long-term damage to the device. What it does is sign the user up for various subscription services without their explicit permission. This is a clear violation of user rights and privacy.
The scheme was discovered by the anti-fraud firm Secure-D. The firm’s researchers conducted a thorough investigation after detecting the scheme on its platform.
According to the cybersecurity firm, they launched the investigation in March 2019. At that time, they discovered an unusual amount of traffic from the Transsion Tecno W3 smartphones.
Tecno W2 devices with #Triada malware downloaded a trojan called #xHelper. Resistant to reboots, app removals & even factory resets making it difficult to remove. #Transsion still has to answer to why this happened with their phones #cybersecurity #malware https://t.co/cibIrugYHh
— WalktheLine (@edgytimes) August 25, 2020
The firm said that the majority of the traffic came from Cameroon, Egypt, Ethiopia, Ghana, and South Africa. Further investigations revealed that fraudulent claims were also reported in 14 other countries.
According to Secure-D, the malware was able to generate more than 19 million suspicious transactions. They suspect that all these transactions surreptitiously signed users up to various subscription services. In total, the malware is reportedly active on more than 200,000 unique devices.
The investigation revealed that Transsion is using malware called Triada. It is a popular malware strain that acts both as a software backdoor and a payload downloader. Once the target device activates and connects to the internet, it will automatically download other malware.
A majority of these subscriptions were directed towards a series of apps called com.mufc. The source and developer of this app are still unknown. Moreover, the app is not hosted on the official Google Play Store.
A new attack vector
Pre-installed malware is rarely seen, especially from major smartphone manufacturers like Samsung. However, smaller manufacturers like Transsion can essentially fly under the radar and distribute it to their users.
Since the malware comes pre-installed, it is virtually impossible to detect or remove it. Smartphone manufacturers specifically program this kind of malware to be invisible to the user.
In a statement, Secure-D chief Geoffrey Cleaves said:
“Mobile ad fraud is fast becoming an epidemic which, if left unchecked, will throttle mobile advertising, erode trust in operators and leave users saddled with higher bills.”
Cybersecurity experts suggest that staying away from suspicious manufacturers is a good strategy to avoid these attacks. Moreover, downloading apps only from legitimate and approved sources is also a great practice.
Featured image courtesy of Tero Vesalainen/Shutterstock