A New Reason to Not Buy These Cheap Android Devices: Complimentary Malware

Discussion in 'mobile device security' started by mood, May 24, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    A New Reason to Not Buy These Cheap Android Devices: Complimentary Malware
    May 24, 2018
    https://gizmodo.com/a-new-reason-to-not-buy-these-cheap-android-devices-co-1826289219
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,994
    There's no malware, on my cheap, Chinese smartphone and tablet.
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,472
    What about Xaiomi? Is it clean?
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,994
    I'm using a custom MIUI (Xiaomi) ROM on my Meizu M2 and it is clean.
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,129
    Location:
    USA still the best. But barely.
    The article says there is a fix.

    All I could find is:
    "....Avast Mobile Security can detect and uninstall the payload, but it cannot acquire the permissions required to disable the dropper, so Google Play Protect has to do the heavy lifting. If your device is infected, it should automatically disable both the dropper and the payload. We know this works because we have observed a drop in the number of devices infected by new payload versions after Play Protect started detecting Cosiloon.

    Users can find the dropper in their settings (named “CrashService”, “ImeMess” or “Terminal” with generic Android icon), and can click the "disable" button on the app's page, if available (depending on the Android version). This will deactivate the dropper and once Avast removes the payload, it will not return again...."


    These instructions are as clear as mud to me. It is just gibberish. Agree or disagree?
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,994
    @zapjb It makes sense to me. Google Play Protect, should automatically find the malware and either remove it automatically, or ask you if you want it to remove it.
    If it doesn't do that, go to Settings, then Apps and disable the listed apps, then you will be able to remove the remaining files with Avast.
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,129
    Location:
    USA still the best. But barely.
    How come they couldn't say that. Thanks.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Cheap Android Phones and Poor Quality Control Leads to Malware Surprise
    October 2, 2018
    https://www.bleepingcomputer.com/ne...or-quality-control-leads-to-malware-surprise/
    More details (Sophos Report):
    The price of a cheap mobile phone may include your privacy
    October 2, 2018
    https://news.sophos.com/en-us/2018/10/02/the-price-of-a-cheap-mobile-phone-may-include-your-privacy/
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,576
    Location:
    U.S.A. (South)
    Same here. Plus I rooted mine, studied the diagram (long ago) and know every corner of the system and it's hidden fringes
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
    August 10, 2019
    https://www.forbes.com/sites/zakdof...reloaded-with-dangerous-malware/#2fbd0e7eddb3
    Securing the System - A Deep Dive into Reversing Android Pre-Installed Apps
    (PDF - 902 KB): https://github.com/maddiestone/ConPresentations/raw/master/Blackhat2019.SecuringTheSystem.pdf
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Unremovable malware found preinstalled on low-end smartphone sold in the US
    January 9, 2020
    https://www.zdnet.com/article/unrem...stalled-on-low-end-smartphone-sold-in-the-us/
    Malwarebytes: United States government-funded phones come pre-installed with unremovable malware
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Chinese phone maker denies handset in Lifeline program came with preinstalled malware
    Unimax says no customer data has been compromised
    January 17, 2020

    https://www.cnet.com/news/chinese-p...eline-program-came-with-preinstalled-malware/
    Updated:
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Unimax removed pre-installed malware from Assurance Wireless’s government-subsidised UMX U683CL smartphone
    March 3, 2020
    https://mspoweruser.com/unimax-remo...-government-subsidised-umx-u683cl-smartphone/
    Updated:
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    How pre-installed adware can cause trouble for mobile users
    July 6, 2020
    https://betanews.com/2020/07/06/pre-installed-mobile-adware/
    Kaspersky: Pig in a poke: smartphone adware
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    We found yet another phone with pre-installed malware via the Lifeline Assistance program
    July 8, 2020
    https://blog.malwarebytes.com/andro...-malware-via-the-lifeline-assistance-program/
    DarkReading: More Malware Found Preinstalled on Government Smartphones
     
    Last edited: Jul 8, 2020
  16. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,832
    hi but xiamo is the new meizu , or are diffrent brands
    may i know what custom miui rom did you install?
    thanks
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,994
    They are different brands. I can't think of which ROM I was using. I'm using an Xiaomi phone now.
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,268
    Chinese Court Finds Gionee Guilty Of Planting 20 Million Phones With Malware
    December 6, 2020
    https://www.outlookindia.com/websit...licting-20-million-phones-with-malware/366410
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,994
    I didn't know they were still around. I haven't heard of that brand for many years.
     
  20. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    529
    Location:
    South Park, CO
    I have a UMX U683CL which received a software update by the vendor in late Sept. 2020 and now appears to have HiddenAds malware on it. After ads began popping up everywhere and a new wallpaper unexpectedly appeared, I installed Securion OnAV (a free mobile AV that was highly rated by AV-T), which twice detected and removed threats so far. Google Play Protect found nothing. I don't use it for anything sensitive like banking, but it's a shame nonetheless.
     
  21. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    529
    Location:
    South Park, CO
    Updating my above post: the Securion AV found one more threat but missed two, which I had to delete manually. Notably, Google Play Protect didn't find any of them.

    The vendor issued another security update this week; after the update, the malware seems to be gone. Battery usage has improved greatly, and Chrome no longer pops open when I unlock the phone. (Interestingly, the vendor openly installed a legitimate "News" app that served sponsored ads every 6 hours, but it was easy to disable. I suppose they have to monetize the cheap phones somehow.)
     
  22. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    529
    Location:
    South Park, CO
    The malware (Trojan.UMX) has returned with a vengeance, repeatedly installing adware that pops ads over the screen. The adware installations have defeated Securion, Avira, and Dr. Web antimalware products so far; I'm now trying Bit Defender Free. Although the underlying Trojan can't be removed except by the vendor, I had hoped an antimalware product could at least have prevented the well-known Hidden Ads adware from being reinstalled over and over. (Other cheap phones by the same Lifeline provider reportedly have the same malware problems, so replacing the phone isn't an option at this point.)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.