Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

New smartphones usually come with a handful of useful apps preinstalled to get you up and running quickly. However, they might also come with some pre-installed malware. Avast researchers report that several hundred different Android devices are shipping with malware pre-installed, but as usual, the hysteria doesn’t align with reality. Almost no one will ever encounter this malware if they exercise even a little common sense.

The preloaded packages spotted by Avast are a type of adware known as Cosiloon, first identified back in 2016. Technically, Cosiloon isn’t installed on the phones identified by Avast. Instead, the malware operators have integrated a “dropper” program into the firmware of devices. This app reaches out to a server and installs the payload after the phone connects to the internet.

Devices infected with Cosiloon will display ads from the Google, Facebook, and Baidu ad networks. However, they’ll do it in a supremely annoying fashion. These ads appear as overlays on top of other apps. Sometimes they’re right in the middle of the display, and other times they’re banner ads at the bottom. Because the dropper is built into the system firmware, most users will be unable to remove it.

Avast says there are hundreds of affected devices, but only 142 of them have 10 or more active users. You might recognize a few manufacturers on the list like ZTE and Archos. However, the majority are unknown white label device makers. The reason you don’t need to freak out is that almost all the infected devices are uncertified — they don’t run Google’s version of Android.

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

An uncertified device is not authorized to run Google services, and indeed, you’ll get an error on startup if someone did try to sideload Google’s apps. Avast also notes not all units of the affected device models have the malware. That suggests someone is intercepting devices in the supply chain to install the dropper app. This isn’t a case of OEMs building malware into all their devices. According to Google, the handful of phones that are certified will have Play Protect malware scanning, and that service is already equipped to find and remove the malware in question.

As long as you don’t purchase a dirt cheap uncertified Android device from an unknown OEM, you will not encounter Cosiloon. Even absent the malware, you should not do that. Putting your personal data into an untrusted device like that is a bad idea for many other reasons. If you’re not doing that, there’s no cause for alarm.

Continue reading

Android 8.1 Now Tells You How Fast Nearby Wi-Fi Networks Are

You won't get exact speed measurements, but a general descriptor tells you if the network is lightning fast or slow as molasses.

Google Pulled ‘Bad’ Android Apps in 2017 Faster Than Ever Before

Google reports that it took down more than 700,000 "bad" apps in 2017, and it did so faster than ever before.

The Essential Phone Will Skip Android 8.0 and Go Right to 8.1

There have been three releases of the Oreo beta so far, but Essential says it's identified several stability issues that have been difficult to solve.

New Android Malware Mines Cryptocurrency on Your Phone

The value of cryptocurrency is down right now, but online criminals are still happy to generate coins using your hardware.