Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

New smartphones usually come with a handful of useful apps preinstalled to get you up and running quickly. However, they might also come with some pre-installed malware. Avast researchers report that several hundred different Android devices are shipping with malware pre-installed, but as usual, the hysteria doesn’t align with reality. Almost no one will ever encounter this malware if they exercise even a little common sense.

The preloaded packages spotted by Avast are a type of adware known as Cosiloon, first identified back in 2016. Technically, Cosiloon isn’t installed on the phones identified by Avast. Instead, the malware operators have integrated a “dropper” program into the firmware of devices. This app reaches out to a server and installs the payload after the phone connects to the internet.

Devices infected with Cosiloon will display ads from the Google, Facebook, and Baidu ad networks. However, they’ll do it in a supremely annoying fashion. These ads appear as overlays on top of other apps. Sometimes they’re right in the middle of the display, and other times they’re banner ads at the bottom. Because the dropper is built into the system firmware, most users will be unable to remove it.

Avast says there are hundreds of affected devices, but only 142 of them have 10 or more active users. You might recognize a few manufacturers on the list like ZTE and Archos. However, the majority are unknown white label device makers. The reason you don’t need to freak out is that almost all the infected devices are uncertified — they don’t run Google’s version of Android.

Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

An uncertified device is not authorized to run Google services, and indeed, you’ll get an error on startup if someone did try to sideload Google’s apps. Avast also notes not all units of the affected device models have the malware. That suggests someone is intercepting devices in the supply chain to install the dropper app. This isn’t a case of OEMs building malware into all their devices. According to Google, the handful of phones that are certified will have Play Protect malware scanning, and that service is already equipped to find and remove the malware in question.

As long as you don’t purchase a dirt cheap uncertified Android device from an unknown OEM, you will not encounter Cosiloon. Even absent the malware, you should not do that. Putting your personal data into an untrusted device like that is a bad idea for many other reasons. If you’re not doing that, there’s no cause for alarm.

Continue reading

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

Minecraft With Ray Tracing Now Available for All Windows 10 Players
Minecraft With Ray Tracing Now Available for All Windows 10 Players

You don't usually think of Minecraft as a realistic game, but the developers have been hard at work adding RTX ray tracing to the game for the last eight months. It's finally out of beta today, and it really works with the blocky look of Minecraft.

Supreme Court Sides With Google, Rules Java API Copying Was Fair Use
Supreme Court Sides With Google, Rules Java API Copying Was Fair Use

The Supreme Court has ruled against Oracle in its decade-long fair use case against Google. Google's copying of 37 Java APIs is protected under fair use.

Android 12 Beta Now Available With Major Visual Redesign
Android 12 Beta Now Available With Major Visual Redesign

The final software won't be available until later this year, but the beta has a hint of the huge "Material You" redesign just unveiled at Google I/O.