Low-end smartphones across the United States have a new problem to deal with, malware. Malwarebytes has discovered a strain of malware on the Unimax (UMX) U686CL, a low-end smartphone sold by Virgin Mobile Group subsidiary Assurance Wireless.
The phones, which are made in China, are sold through a U.S. government program that subsidizes phone services to low-income families, called Lifeline.
Unremovable malware found preinstalled on low-end smartphone sold in the US https://t.co/O1VH6Vd3Pc
— ZDNet (@ZDNet) January 10, 2020
As Malwarebytes reported, there have been several reports concerning the phones since late 2019, with multiple users complaining that some of the pre-installed apps are malicious. Researchers went on to purchase the phone, only to find that the complaints were true.
Adups and HiddenAds
To begin with, they discovered that one of the apps on the phones- named Wireless Update- contained a malware known as Adups. The malware was created by a Chinese company bearing the same name, and was billed as a means of allowing firmware vendors to update their code.
However, researchers at Kryptowire found in 2017 that its manufacturers were able to ship updates to the software without getting permission from the devices’ vendors and users. Malwarebytes explained that the software still does the same thing to this day.
“From the moment you log into the mobile device [the UMX U686CL], Wireless Update starts auto-installing apps. To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own,” researchers explained.
Although they pointed out that the apps were initially free of any malware, the fact that they’re installed without consent means that Adups (the software manufacturers) could just as well do the same thing at any time.
Our new mobile malware report is now available. Whilst the number of malicious apps are down, the number of attacks doubled.
— Kaspersky (@kaspersky) March 5, 2019
That’s not all. They also found suspicious code in the Settings app. As they explained, the app was filled with a heavily obfuscated malware strain,’ and from the set of characters used in writing its code, they opined that it was of Chinese origin.
They explained that it was meant to act as a dropped for HiddenAds; a popular second-stage malware payload.
Difficult to Uninstall
The company explained that they couldn’t confirm if the malware was installed by the device manufacturers. They might as well have been installed by any of the third parties that had access to the devices while in transit. But, that’s unlikely.
What’s troublesome is the fact that the two malware were said to be non-removable, thanks to their strategic location. Adups is hidden in the Wireless Update app, and any user that uninstalls or disables that will miss out on critical updates going forward.
On the flip side, the Settings app, as we all know, is non-removable. Taking it out will make the device effectively unusable, leaving users stuck with the malware it houses.
Images are courtesy of Twitter, Shutterstock, Pixabay.