More Pre-Installed Malware Has Been Found In Budget US Smartphones

Pre-installed malware has been discovered on another budget handset connected to Assurance Wireless by Virgin Mobile. ZDNet reports: Back in January, cybersecurity researchers from Malwarebytes discovered unremovable malware bundled with the Android operating systems on the Unimax (UMX) U686CL, a low-end handset sold by Assurance Wireless as part of the Lifeline Assistance program, a 1985 U.S. initiative which subsidizes telephone services for low-income families. There was no way to remove a pair of apps on the handsets which would install other software on the devices without the user's knowledge.

Now, Malwarebytes has uncovered another budget handset with similar security issues. The smartphone in question is the ANS (American Network Solutions) UL40, running Android OS 7.1.1. [...] In the same way as the UMX U686CL, two apps -- a settings app and wireless update app -- are compromised. However, these apps are not infected with the same malware variants; instead, Collier says the "infections are similar but have their own unique infection characteristics." The Settings app is detected as Downloader Wotby, a Trojan that is able to download apps externally. The researchers did not find any evidence of malicious apps in a third-party store linked to the software but noted this doesn't mean that malicious apps could not be added or find their way into the store at a later date. The WirelessUpdate app is considered a Potentially Unwanted Program (PUP) that is also able to automatically install apps without user permission or knowledge. While the app does function as an over-the-air updater for security fixes and as an updater to the operating system itself, the software also installs four variants of HiddenAds, a Trojan family found on Android handsets. Thankfully, Malwarebytes has instructions on how to stop HiddenAds infections.

First!

[Randseed]

Until there are serious civil or criminal penalties for companies pushing this kind of sludge this will never get better.

Re: First!

[Your Father]

What does anyone expect for a smart phone that costs twenty bucks? Of course it is spying on you.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[raymorris]

I hate to tell you this, but the US government has trouble keeping malware off of phones in the White House. If you think they are going to competently examine every Obama phone - ROTFL!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[thegarbz]

Low income citizens? I thought they all had iPhones already. Budget smartphones seem to be more for terror cells who can't afford to keep burning iPhones after every phone call. We have to spy on them. It's for the safety of Americans and more importantly their children.

Re:

[Bengie]

No joke. So many people at grocery stores paying with food stamps playing with their relatively new iPhone and young children with some sort of smart phone they they're also playing on.

Re:

[DontBeAMoran]

This may be news to you, but people, even low-income ones, may have friends with higher income. Those richer folks sometimes give away their old things, a process known as "gifting".

A friend of mine, who's broke as shit, has an nVidia GTX960 in his PC because his richer friend gave it to him three years ago when he upgraded to a GTX1080. That friend of his keeps upgrading his GPU even though it gives him 5% better frame rates at the most. He's probably waiting to order an RTX 3080 as we speak.

Re:

[Joe2020]

You would expect the cost on the environment this trash has would be enough punishment. But no, so I wonder how high the penalties would have to be for them to do better. They'll probably just stop offering these phone completely in the end.

Re:

[AmiMoJo]

Is this malware though? Sounds more like it was just a really crappy insecure update/debug mechanism. Low cost devices often get low cost software developers.

I agree it should be banned but for that we need laws making decent security mandatory. Malware is already illegal.

Re:

[Anonymous Coward]

Until there are serious civil or criminal penalties for companies pushing this kind of sludge this will never get better.

It's a cheap Chinese phone. You don't seriously think that's going to help do you?

No surprise.

[Gravis Zero]

Facebook has paid to have it's app preinstalled on smartphones for years. ;)

Scumtards

[AndyKron]

Are these the same scumtards that rip off prisoners on their phone bills?

Re:

[account_deleted]

Comment removed based on user account deletion

Huawei phones

[Rosco P. Coltrane]

don't look so bad after all...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Shompol]

Huawei international phones were awesome. Don't know how am I going to replace mine now. I ordered Oppo once and it was a usability wreck.

Ownership of smartphones?

[Shompol]

Will the time ever come when we can truly own our smartphones? I want root rights and remove vendor preinstalled malware. Do we need Linux on Mobile or something? I have heard about jail-breaking but it is always a tedious procure with high risk of bricking your expensive toy.

Re:

[bjwest]

Don't purchase from your carrier, buy it factory unlocked from the manufacturer, Amazon.com, Best Buy, etc.

Re:

[NateFromMich]

Don't purchase from your carrier, buy it factory unlocked from the manufacturer, Amazon.com, Best Buy, etc.

And then you still need to make sure that it isn't a special deal phone with ads and shit baked into it.
Even so, Google is currently working to lock phones down even more so that you basically won't be using the play store at all with an unlocked bootloader, so you're also stuck unrooted with whatever (probably unpatched) OS the phone maker supplies you with.

Re:

[bjwest]

Don't purchase from your carrier, buy it factory unlocked from the manufacturer, Amazon.com, Best Buy, etc.

And then you still need to make sure that it isn't a special deal phone with ads and shit baked into it. Even so, Google is currently working to lock phones down even more so that you basically won't be using the play store at all with an unlocked bootloader, so you're also stuck unrooted with whatever (probably unpatched) OS the phone maker supplies you with.

Some people continue to bitch even when you offer them choices. I guess you're stuck with Apple then.

Re:

[Unnamed Chickenheart]

I suppose you would need a portable computer (laptop, raspberry Pi / Arduino or similar) with external hardware/interfaces for making calls, send SMS, GPS, whatever.

Re:

[AmiMoJo]

Get a phone supported by Lineage. That's as close as you can get. You will still need some binary blob drivers but you can have root and only free software otherwise.

Re:

[WhoBeDaPlaya]

Lots of models where you can do exactly this. Currently using an LG V20 (purposely did not want >= V30). Rooted and I can do as I please.
That said, the rooting was mainly for being able to adjust the display settings via KCAL to avoid temporary burn-in (eg. RGB max = 250 instead of 255 would do the trick)
The non-root alternative would be to run a screen overlay app, but that is extremely hit and miss (and cumbersome).

Right of administration

[onyxruby]

There really needs to be a basic right of administration. If I buy it I have the right to remove or uninstall whatever is installed. Thatâ(TM)s more than reasonable and there is no honest reason to deny it. The only reason to make something unistallable is contractually obligated ad revenue.

Re:

[Actually, I do RTFA]

. The only reason to make something unistallable is contractually obligated ad revenue.

If you do that, all you do is force companies to put that clause the small print Better to just forbid it, full stop.

After all, these are already government subsidized phones.

Re:

[onyxruby]

That would defeat the point. There is need for these companies to do that to begin with. It was nothing more than a blatant cash grab.

I remember similar logic being used to justify telemarketers years ago. Similar logic was also used to justify cranking the volume up on commercials to be much louder than the tv show itself. Similar logic was used to put commercials on cable tv years ago.

Similar logic was used to justify putting commercials on cable tv. This was originally justified that giving cable compani

Re:

[PPH]

giving cable companies right of way access on public lands was in the public interest as cable offered a commercial free experience.

Cable companies started out as public antenna systems. For people who would have no TV reception at their location otherwise. They had exactly the same advertising content as the broadcast signals that they were carrying.

Re:

[onyxruby]

I went to find my citation on this and you are correct.

https://calcable.org/learn/his... [calcable.org]

I was thinking of the premium channels and was incorrect.

Re:

[Actually, I do RTFA]

I think you misunderstood what I said. I said making it a contract you can agree to doesn't work, cause it will just get added to every contract. Far better just to forbid it entirely.

Re:

[onyxruby]

Sounds like I did indeed misunderstand. Agreed that it is better to prohibit

Re:

[onyxruby]

The problem with that is that it doesnâ(TM)t scale. It works fine for the young techie. Not so much for the person that isnâ(TM)t technical.