Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

New smartphones usually come with a handful of useful apps preinstalled to get you up and running quickly. However, they might also come with some pre-installed malware. Avast researchers report that several hundred different Android devices are shipping with malware pre-installed, but as usual, the hysteria doesn’t align with reality. Almost no one will ever encounter this malware if they exercise even a little common sense.

The preloaded packages spotted by Avast are a type of adware known as Cosiloon, first identified back in 2016. Technically, Cosiloon isn’t installed on the phones identified by Avast. Instead, the malware operators have integrated a “dropper” program into the firmware of devices. This app reaches out to a server and installs the payload after the phone connects to the internet.

Devices infected with Cosiloon will display ads from the Google, Facebook, and Baidu ad networks. However, they’ll do it in a supremely annoying fashion. These ads appear as overlays on top of other apps. Sometimes they’re right in the middle of the display, and other times they’re banner ads at the bottom. Because the dropper is built into the system firmware, most users will be unable to remove it.

Avast says there are hundreds of affected devices, but only 142 of them have 10 or more active users. You might recognize a few manufacturers on the list like ZTE and Archos. However, the majority are unknown white label device makers. The reason you don’t need to freak out is that almost all the infected devices are uncertified — they don’t run Google’s version of Android.

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

An uncertified device is not authorized to run Google services, and indeed, you’ll get an error on startup if someone did try to sideload Google’s apps. Avast also notes not all units of the affected device models have the malware. That suggests someone is intercepting devices in the supply chain to install the dropper app. This isn’t a case of OEMs building malware into all their devices. According to Google, the handful of phones that are certified will have Play Protect malware scanning, and that service is already equipped to find and remove the malware in question.

As long as you don’t purchase a dirt cheap uncertified Android device from an unknown OEM, you will not encounter Cosiloon. Even absent the malware, you should not do that. Putting your personal data into an untrusted device like that is a bad idea for many other reasons. If you’re not doing that, there’s no cause for alarm.

Continue reading

Tesla Will Recall 134,000+ Vehicles Affected by Inevitable eMMC Failure
Tesla Will Recall 134,000+ Vehicles Affected by Inevitable eMMC Failure

Tesla will recall Model S and Model Y vehicles manufactured over specific model years in order to repair an inevitable system failure.

What If Mars Never Lost Its Water?
What If Mars Never Lost Its Water?

Mars used to be wet. Now it's not. What if its planetary ocean wasn't lost to space and is still locked within the planet?

LG Mobile’s Demise Was Inevitable
LG Mobile’s Demise Was Inevitable

This will leave a small opening for other companies, but LG's reach was so reduced in recent years that it's no great prize. In fact, LG's releases in the past few years have been uniquely scattershot and ineffective.

Microsoft Says It Has Never Made a Profit on Xbox Hardware Sales
Microsoft Says It Has Never Made a Profit on Xbox Hardware Sales

Microsoft has been in the console business for two decades this year, and it has never made a profit on console hardware sales in all that time.