Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

New smartphones usually come with a handful of useful apps preinstalled to get you up and running quickly. However, they might also come with some pre-installed malware. Avast researchers report that several hundred different Android devices are shipping with malware pre-installed, but as usual, the hysteria doesn’t align with reality. Almost no one will ever encounter this malware if they exercise even a little common sense.

The preloaded packages spotted by Avast are a type of adware known as Cosiloon, first identified back in 2016. Technically, Cosiloon isn’t installed on the phones identified by Avast. Instead, the malware operators have integrated a “dropper” program into the firmware of devices. This app reaches out to a server and installs the payload after the phone connects to the internet.

Devices infected with Cosiloon will display ads from the Google, Facebook, and Baidu ad networks. However, they’ll do it in a supremely annoying fashion. These ads appear as overlays on top of other apps. Sometimes they’re right in the middle of the display, and other times they’re banner ads at the bottom. Because the dropper is built into the system firmware, most users will be unable to remove it.

Avast says there are hundreds of affected devices, but only 142 of them have 10 or more active users. You might recognize a few manufacturers on the list like ZTE and Archos. However, the majority are unknown white label device makers. The reason you don’t need to freak out is that almost all the infected devices are uncertified — they don’t run Google’s version of Android.

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

An uncertified device is not authorized to run Google services, and indeed, you’ll get an error on startup if someone did try to sideload Google’s apps. Avast also notes not all units of the affected device models have the malware. That suggests someone is intercepting devices in the supply chain to install the dropper app. This isn’t a case of OEMs building malware into all their devices. According to Google, the handful of phones that are certified will have Play Protect malware scanning, and that service is already equipped to find and remove the malware in question.

As long as you don’t purchase a dirt cheap uncertified Android device from an unknown OEM, you will not encounter Cosiloon. Even absent the malware, you should not do that. Putting your personal data into an untrusted device like that is a bad idea for many other reasons. If you’re not doing that, there’s no cause for alarm.

Continue reading

Huawei’s Phone Deal With AT&T Reportedly Killed On Account of Politics

The upcoming (and unannounced) deal with AT&T to sell the new Mate 10 series was supposed to be the start of Huawei's push into North America, but the deal has reportedly fallen apart at the last minute after AT&T got cold feet, and some sources point to a political cause.

Razer Phone Gets Netflix HDR and Dolby 5.1 Sound

The company has announced a deal with Netflix that brings HDR and Dolby Digital Plus 5.1 sound to the Razer Phone.

Vivo Demos First Smartphone With In-Display Fingerprint Sensor

At CES, Chinese smartphone maker Vivo is on hand to show off the first ever phone with a fingerprint reader inside the display.

ET Deals: BOGO on Select iPhones and Galaxy Smartphones at T-Mobile

Are you and your partner in the market for a new smartphone? Ready to invest in phones for your kids? Right now, T-Mobile is offering up hefty rebates on new phones from both Apple and Samsung with a qualifying trade-in.