Cheap Android devices ship with pre-installed malware

Beware of cheap unknown brand Android phones that you have not heard of


If you spot a really cheap smartphone and are tempted to purchase it, this recent news may make you pause to think.

Researchers from Avast discovered pre-installed malware in several hundred different low-cost Android devices. The preloaded packages, which some call Cosiloon, are a type of malware that displays advertisements to the user of the device. Interestingly, the ads come from the Google, Facebook, and Baidu ad networks.

[Image: Cosiloon sample adware. Source: Avast]

These annoying ads appear as overlays on top of other apps, and users will not be able to remove their cause. This is because the malware is built into the system firmware, and in most cases users will continue to get infected because the malware will update itself or download additional packages after the system is "disinfected". This system-level malware will continue to download additional packages from the Internet. Thus, if you own one of these phones, you either live with the annoying ads or buy a new phone. Some anti-virus applications will be able to detect these malicious packages,
    com.google.eMediaService,
    com.google.eMusic1Service,
    com.google.ePlay3Service,
    com.google.eVideo2Service,

but sadly the clean up operation will still fail.
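The check below is an added example, not code from Avast or from this post: it scans the output of `adb shell pm list packages -f` for the four package names listed above and reports whether each hit sits on a firmware partition, which is why uninstalling it fails. The sample output and APK paths are constructed for illustration.

```python
import re

# Package names taken from the list in this post.
COSILOON_PACKAGES = {
    "com.google.eMediaService",
    "com.google.eMusic1Service",
    "com.google.ePlay3Service",
    "com.google.eVideo2Service",
}

# Read-only partitions that ship as part of the firmware image.
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

# `pm list packages -f` prints lines of the form package:<apk path>=<name>.
# The path itself may contain '=', so the name is matched from the last '='.
LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")


def parse_pm_list(text):
    """Yield (apk_path, package_name) pairs from `pm list packages -f` output."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.group("path"), match.group("name")


def triage(text):
    """Return one finding per listed package, noting where its APK lives."""
    findings = []
    for path, name in parse_pm_list(text):
        if name in COSILOON_PACKAGES:
            findings.append({
                "package": name,
                "apk": path,
                # True: part of the firmware, so the user cannot uninstall it.
                "in_firmware": path.startswith(FIRMWARE_PREFIXES),
            })
    return findings


# Constructed sample output; the paths are illustrative, not from a real device.
SAMPLE = """\
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/system/priv-app/eMedia/eMedia.apk=com.google.eMediaService
package:/data/app/com.google.eMusic1Service-1/base.apk=com.google.eMusic1Service
package:/data/app/com.example.notes-2/base.apk=com.example.notes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        where = "firmware partition" if f["in_firmware"] else "data partition"
        print(f"{f['package']}: {f['apk']} ({where})")
```

A hit on the data partition can be uninstalled, but as described above it may be downloaded again while the firmware component remains.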

The complete list of infected phones can be found here. ZTE, a more well-known brand, is on it with several models. Stay away from cheap brands unless you are capable of doing technical tests yourself. The current malware just displays ads, but the capability to do more damage (fraudulent activities, identity compromise) is baked into the firmware.

We just checked and their C2 servers are still evolving and alive:
Screen shot on 25 May 2018
Tested on 25 May 2018


If you still want to buy a low cost smartphone, try to do some anti-virus tests and check that the phone is Google certified.

Personal note to the suppliers of cheap phones:
It is a good and noble intent of you to supply phones at a very low cost to the masses, but inserting malware or adware into the phone firmware without informing the user is not a good strategy. Some people may still get the low cost phone even when they are aware of the adware in the phone. It is akin to people visiting web sites for information knowing that some of these sites are supported by ads. Do things the legal way, everyone benefits.
Have a good day. 
