Avast Finds Pre-installed Android Malware on Hundreds of Phones You’ll Never Use

New smartphones usually come with a handful of useful apps preinstalled to get you up and running quickly. However, they might also come with some pre-installed malware. Avast researchers report that several hundred different Android devices are shipping with malware pre-installed, but as usual, the hysteria doesn’t align with reality. Almost no one will ever encounter this malware if they exercise even a little common sense.

The preloaded packages spotted by Avast are a type of adware known as Cosiloon, first identified back in 2016. Technically, Cosiloon isn’t installed on the phones identified by Avast. Instead, the malware operators have integrated a “dropper” program into the firmware of devices. This app reaches out to a server and installs the payload after the phone connects to the internet.

Devices infected with Cosiloon will display ads from the Google, Facebook, and Baidu ad networks. However, they’ll do it in a supremely annoying fashion. These ads appear as overlays on top of other apps. Sometimes they’re right in the middle of the display, and other times they’re banner ads at the bottom. Because the dropper is built into the system firmware, most users will be unable to remove it.

Avast says there are hundreds of affected devices, but only 142 of them have 10 or more active users. You might recognize a few manufacturers on the list, like ZTE and Archos. However, the majority are unknown white-label device makers. The reason you don’t need to freak out is that almost all the infected devices are uncertified: they don’t run Google’s version of Android.

An uncertified device is not authorized to run Google services, and indeed, you’ll get an error on startup if someone does try to sideload Google’s apps. Avast also notes that not all units of the affected device models have the malware. That suggests someone is intercepting devices in the supply chain to install the dropper app. This isn’t a case of OEMs building malware into all their devices. According to Google, the handful of phones that are certified will have Play Protect malware scanning, and that service is already equipped to find and remove the malware in question.

As long as you don’t purchase a dirt cheap uncertified Android device from an unknown OEM, you will not encounter Cosiloon. Even absent the malware, you should not do that. Putting your personal data into an untrusted device like that is a bad idea for many other reasons. If you’re not doing that, there’s no cause for alarm.
