Slashdot Mirror


Some Low-Cost Android Phones Shipped With Malware Built In (techcrunch.com)

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said. From a report: The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."
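
One way to look for the dropper names quoted above in a device's system package listing (an added example, not code from Avast or from this page). It filters the output of `adb shell pm list packages -s -f`; treating 'CrashService' and 'ImeMess' as APK file names is an assumption, and the sample package names are constructed.

```shell
# Names taken from the Avast quote above. Matching them against APK file
# names is an assumption: Avast gives them as the names shown under settings.
DROPPER_NAMES="CrashService ImeMess"

# Reads "package:<apk path>=<package name>" lines on stdin and prints
# "<package name> <apk path>" for each APK under /system whose file name
# equals one of DROPPER_NAMES (case-insensitive).
# Returns 0 if anything was flagged, 1 otherwise.
flag_droppers() {
    awk -v names="$DROPPER_NAMES" '
        BEGIN { n = split(tolower(names), want, " ") }
        /^package:/ {
            sub(/\r$/, "")              # adb output may carry CR line endings
            line = substr($0, 9)        # drop the "package:" prefix
            cut = 0                     # split on the LAST "=": paths may contain "="
            for (i = length(line); i > 0; i--)
                if (substr(line, i, 1) == "=") { cut = i; break }
            if (cut == 0) next
            path = substr(line, 1, cut - 1)
            pkg = substr(line, cut + 1)
            if (path !~ /^\/system\//) next      # the dropper sits on /system
            m = split(path, parts, "/")
            base = tolower(parts[m])
            sub(/\.apk$/, "", base)
            for (k = 1; k <= n; k++)
                if (base == want[k]) { print pkg, path; hits++ }
        }
        END { exit (hits > 0 ? 0 : 1) }'
}

# Constructed sample listing; the package names are placeholders.
sample_listing() {
    cat <<'EOF'
package:/system/app/Browser/Browser.apk=com.example.browser
package:/system/app/CrashService/CrashService.apk=com.example.placeholder.crash
package:/system/priv-app/imemess.apk=com.example.placeholder.ime
package:/data/app/~~Qx1==/com.example.game-Zk2==/base.apk=com.example.game
EOF
}

# Live use:  adb shell pm list packages -s -f | flag_droppers
```

No match does not clear a device: the names may differ from the APK file names, and the listing is produced by software running on the device itself.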

49 comments

  1. Finally !!!! by Anonymous Coward · · Score: 0

    It's amazing that it actually took more than 5 years before they found this.

    Now, let's wait and see how long it will take them to find the other ones.

    1. Re: Finally !!!! by Anonymous Coward · · Score: 0

      All electronic devices ship with malware these days and manufacturers have been doing this for a very long time ... not just the Chinese but the US companies as well... just look at android, ios, windows and osx/macos for example

  2. iPhones ship with iTunes. by HornWumpus · · Score: 1, Troll

    Abracadabra. I define iTunes as Malware, 100% of iPhones ship with malware.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'

    1. Re: iPhones ship with iTunes. by Anonymous Coward · · Score: 0

      And I define excessive stupidity as malware. Congratulations, 100% of your posts are malware.

    2. Re:iPhones ship with iTunes. by Anonymous Coward · · Score: 1

      But iPhones don't ship with iTunes.

      Mac does though.

    3. Re:iPhones ship with iTunes. by Desler · · Score: 2

      iPhones don’t ship with iTunes. iPhones also haven’t needed iTunes in years to do anything.

    4. Re:iPhones ship with iTunes. by DaTrueDave · · Score: 1

      Wait, are you saying I can drag and drop MP3s onto an iPhone now?

      Apple hasn't had any innovations that make me want to switch back from Android, but that's good to know.

    5. Re: iPhones ship with iTunes. by Anonymous Coward · · Score: 0

      These posts are automated with the iShill app. As if trolling you retards were worth Cook's personal attention. He just presses a button and sends you into paroxysms of delusional paranoia.

  3. Re: whats this about APK? by Anonymous Coward · · Score: 0

    apk is a big gay baby

  4. reluctant fan by supernova87a · · Score: 4, Insightful

    Say what you will about Apple and their high prices, closed ecosystem, etc. More and more these days, I find that they are looking out for the end user -- not taking their data off the phone, protecting against malware / abusive apps (the ones that mine our data, suck up your bandwidth, etc), pushing back against law enforcement overreach, and actually have teams whose responsibility it is to keep tabs on all this.

    You may get some cheap Android phone that works, but what do you give up? You don't even know till it's too late.

    1. Re:reluctant fan by Anonymous Coward · · Score: 0

      Can't read that. My anti-virus says it's reported as harmful content.

    2. Re:reluctant fan by Anonymous Coward · · Score: 0

      Says that Apple knew their iphones were messed up and would bend and sold them anyways.

      As for the android stuff the big thing is only apple makes its phone, with android, anyone can make it and you get the issues associated with that.

      Have to find a manufacturer you can trust when it comes to android, too many cheap ones trying to cash in and make a buck at the expense of their users. Want to find an android later with no bloatware added onto their phone that I can't uninstall.

      Accepted it on the one I have because I got it free from a family member right as my previous one died.

    3. Re:reluctant fan by Anonymous Coward · · Score: 0

      how "bendy" is too much? the report says that Apple knew that the iPhone 6 was more "bendable" than the 5s that preceded it. but was it really "too bendy"? I myself did not have problems for the time I had an iPhone 6 (am using 7 now). before the fanboy accusations, I also have a Pixel (and Nexus etc. before that).

    4. Re:reluctant fan by Anonymous Coward · · Score: 0

      i give up nothing, because all the computers in my country, specially the ones in all the administrations, run microsoft software, and as a result, i literally have no private data ANYWAY, so OBVIOUSLY this phone thing means NOTHING

      I'll take my ultra cheap chinese phone over your icrap any day and twice on sundays, my private stuff, by virtue of windows 10 in every administration in my country, it's been STOLEN ALREADY

  5. ..and you can't even delete it. by Rick+Schumann · · Score: 0

    Some people give me shit for not having a smartphone; do you feel smarter than me now?

    Post all the insults and angry comments you want, they're like candy to me.

    1. Re:..and you can't even delete it. by Anonymous Coward · · Score: 0

      ..oh and go right ahead and waste your mod points modding me down, too, your tears of anger taste like sweet wine.

    2. Re: ..and you can't even delete it. by Anonymous Coward · · Score: 0

      Yes, i still feel smarter. My moto has no malware and even if it did there's nothing of value on it.

    3. Re:..and you can't even delete it. by Tony+Isaac · · Score: 1

      Sure, and you can avoid car accidents by never driving a car.

      Every technology comes with risks. For most of us, the benefits of smartphones far outweigh the risks of buying a smartphone that happens to be pre-installed with malware.

    4. Re:..and you can't even delete it. by Anonymous Coward · · Score: 0

      Cars are not intentionally designed to crash, this is intentional malware distribution and everyone from the store that sold it to the manufacturer needs to face fines and jail time.

    5. Re:..and you can't even delete it. by Anonymous Coward · · Score: 0

      Post all the insults and angry comments you want, they're like candy to me.

      That makes you a troll, no?

    6. Re: ..and you can't even delete it. by Anonymous Coward · · Score: 0

      He doesn't care that his phone is spying on him RIGHT NOW, and is probably part of a bot-net used for illegal attacks

      Enjoy your jail time.

  6. And that malware's name is.... by Anonymous Coward · · Score: 1

    Google.

    Far more evil than any malware.

  7. My family has multiple ZTE phones by Anonymous Coward · · Score: 0

    and I have never seen this behavior. Purchased through MetroPCS if that makes a difference???

    1. Re:My family has multiple ZTE phones by slaker · · Score: 1

      I just bought a big box of recertified ZTE Trek 2s to give to my friends' kids. These are 8" tablets meant to be sold as AT&T phones, originally. Inspecting the software load via ADB does not reveal the software in question and scans from Lookout, Avast and BitDefender all come up perfectly clean.

      I can absolutely believe some crappy Android devices have Malware on them but even with poorly regarded ZTE, it does not appear to be an issue with all devices. Since I don't see any signs of the malware wrapper, I think my biggest issue with this particular device is the carrier-mandated Facebook installation.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K

    2. Re:My family has multiple ZTE phones by Anonymous Coward · · Score: 0

      clearly, facebook is the malware

    3. Re:My family has multiple ZTE phones by pnutjam · · Score: 2

      without root, you can pull applications out with the adb toolkit

    4. Re:My family has multiple ZTE phones by Wrath0fb0b · · Score: 1

      Inspecting the software load via ADB does not reveal the software in question

      How does this prove anything if the device malware got root?

      ADB is just talking to a service on the phone (that happens to be available over USB) which is serviced by software. If Malware achieved root access and can modify any software on the device, it could easily modify whatever bits are handling ADB to conveniently remove any package from the listing sent out.

      If you think this is paranoid, read about the state of the art in Windows malware. Many will modify the kernel hooks that list files/processes/sockets/resources to remove themselves from those interfaces.

  8. Pro-tip: read out loud before posting by dbrueck · · Score: 1

    ...called called...

  9. Now I won't have to download those sketchy apps by Anonymous Coward · · Score: 0

    Such a good thing, now new Android phone owners will not have to download those sketchy apps to get malware. It's included for free, you're welcome!
    That's why I stick with iPhones, maybe it's the least flexible OS ever but I don't get malware ever.

  10. speaking of Avast... by slashmydots · · Score: 0

    They just broke like 100,000 PCs worldwide by interfering with the 1803 patch. Good job, Avast!

  11. Vs. Carrier Apps by Amigori · · Score: 1

    Malware? Definitely. But is it any better than the ATT, VZW, etc. apps that you can't get rid of and are close to worthless? Or ads on the lockscreen? Or full-screen browser ads? Or ads that take over the full screen of your app/game?

    In that case, your information goes to advertisers instead of hackers. Not sure who I would trust more. The person who wants your eyeballs, to sell you stuff and your information, to make money, or the hacker? Ha! (...who also wants to sell your information and make money.)

    --
    "The quality of life is determined by its activites."--Aristotle

    1. Re:Vs. Carrier Apps by pnutjam · · Score: 3, Interesting

      You can use the adb toolkit to pull that stuff off your phone. https://github.com/pborowicz/h...

    2. Re:Vs. Carrier Apps by Actually,+I+do+RTFA · · Score: 1

      But is it any better than the ATT, VZW, etc. apps that you can't get rid of and are close to worthless? Or ads on the lockscreen? Or full-screen browser ads? Or ads that take over the full screen of your app/game?

      Those all sound bad. I recommend none of those. So don't put up with any of that shit either

      --
      Your ad here. Ask me how!

    3. Re:Vs. Carrier Apps by rtkluttz · · Score: 1

      As opposed to the whole device? Apple or Android if you don't have root and have ultimate control then the device itself is the malware. Malware is anything that works to the detriment of the owner's wishes.

      --
      Digital is, by definition, imperfect. Analog is the way to go.

    4. Re:Vs. Carrier Apps by rtb61 · · Score: 1

      So the real security fault is the security itself and not allowing the owner of the phone to readily access and alter the core operating system files to readily remove this shit. So secure is insecure by design, root access on smart phones by the owner should be required by law.

      --
      Chaos - everything, everywhere, everywhen

  12. I don't give up anything by rsilvergun · · Score: 3, Insightful

    I just don't put sensitive information on my phone. You're still getting tracked you know, just not by google (unless you run their apps, which honestly most do).

    Also Apple talks big, but they'll comply with any subpoena they get. Androids have the same levels of encryption on $200 phones. Yeah, if you go _really_ cheap you get corners cut like this, but you don't have to spend $800 (what my kid's iPhone 8 cost) just to get a modicum of security....

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/

    1. Re:I don't give up anything by Anonymous Coward · · Score: 0

      Same level? You don't know anything about security, dude

    2. Re:I don't give up anything by Actually,+I+do+RTFA · · Score: 1

      Apple talks big, but they'll comply with any subpoena they get.

      Apple fairly famously fought a subpoena recently. And while they (obviously) will comply if they were to lose the fight, they've also taken steps to minimize how much they will/can do.

      --
      Your ad here. Ask me how!

  13. Some? by Anonymous Coward · · Score: 0

    *All* Android phones are shipped with malware (Google Play Services).

  14. What is the origin by julian67 · · Score: 2

    What is the origin of the affected devices? I never heard of myPhone but Archos and ZTE are long established companies who have established reputations by offering products with, respectively, excellent multimedia capability and relatively high end specs at relatively modest price. They don't seem like the kind of no-name companies or desperate rebranding enterprises who would deliberately play the malware/gouging the customer game. I haven't owned an Archos phone but I did own several of their older Android devices dedicated to video and audio playback and they definitely did not load up their custom Android versions with bloatware, scamware, adware etc. In fact they did some great stuff that Google was very bad at doing at the time (think back to Eclair, Froyo, Gingerbread era) such as really slick smb and upnp browsing and playback integration into their custom file browser and multimedia apps, support for streaming flac, ogg vorbis and so on.

    I just find it hard to believe that they would risk a niche position and a decent reputation like this. Absolutely anywhere in the supply chain from the factory to the retail outlet could be the weak link, it is not necessarily the brand name/designer/enterprise who commissioned the goods.

  15. One big same by magarity · · Score: 2

    manufacturers such as ZTE, Archos, and myPhone

    The Chinese city of Shenzhen is for all practical purposes one giant factory with different company names over different loading dock doors. But it's all the same conglomerate inside.

  16. "manufacturers such as ZTE" by Stormy+Dragon · · Score: 1

    Crap, now they're going to have to give Trump another $500 million bribe.

  17. To quote a fairly old Captain Picard theme... by Gojira+Shipi-Taro · · Score: 1

    I just shat myself with surprise.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump

  18. Whitelist by Anonymous Coward · · Score: 0

    Isn't a list meant to block a bunch of things actually called a 'blacklist'?

  19. Sounds like ZTE deserves to go under by ilsaloving · · Score: 1

    I am in awe of just how stupid the ZTE leadership is. It's like they're having a "Hey Blackberry! Hold my beer!" moment.

    Up until recently, I was basically ambivalent about ZTE. Based on the recent news I'm seeing, I now won't touch them with a 10 foot pole even if their devices were readily available.