Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Found Preinstalled On Some Alcatel Smartphones (zdnet.com)

Posted by BeauHD on from the hidden-in-plain-view dept.

An anonymous reader quotes a report from ZDNet: A weather app that comes preinstalled on Alcatel smartphones contained malware that surreptitiously subscribed device owners to premium phone numbers behind their backs. The app, named "Weather Forecast-World Weather Accurate Radar," was developed by TCL Corporation, a Chinese electronics company that among other things owns the Alcatel, BlackBerry, and Palm brands. The app is one of the default apps that TCL installs on Alcatel smartphones, but it was also made available on the Play Store for all Android users --where it had been downloaded and installed more than ten million times. But at one point last year, both the app included on some Alcatel devices and the one that was available on the Play Store were compromised with malware. How the malware was added to the app is unclear. TCL has not responded to phone calls requesting comment made by ZDNet this week. The app reportedly harvested users' data and sent it to China. It collected geographic locations, email addresses, and IMEI codes, which it sent back to TCL.

Upstream, a UK-based mobile security firm, also found that "the malicious code hidden inside the app would also attempt to subscribe users to premium phone numbers that incurred large charges on users' phone bills," reports ZDNet. "All in all, the company says it detected and blocked over 27 million transaction attempts across seven markets, which would have created losses of around $1.5 million to phone owners if they hadn't been blocked."

Upstream notes that most of the behavior they've seen originated only from two types of smartphones: Pixi 4 and A3 Max models.

9 of 35 comments (clear)

  1. Unfortunately you just can't trust tech from China by iCEBaLM · · Score: 3, Insightful

    - The government is authoritarian enough that it will meddle.
    - There are no consumer protections for this kind of stuff in China
    - You have no recourse if a Chinese company steals your data

    Whereas in the west we have consumer protections for it, and a judicial system for recourse. That said, western governments can meddle too, however it's much harder for them to keep it secret.

  2. "owned" brands - Blackberry by Dagrim · · Score: 1

    Long-term license, rather than ownership for the Blackberry brand. http://www.marketwired.com/pre...

  3. Re:NOT THE FIRST TIME, ALCATEL by alzoron · · Score: 1

    American Network Solutions phones (which are ironically made in China) are also pretty malware laden from the factory as well.

  4. Haiku by budha_burger · · Score: 1

    Thirty dollar phone / You get what you don't pay for / Return to Wal-Mart /

  5. Re:Unfortunately you just can't trust tech from Ch by Aighearach · · Score: 2

    For the same reasons as above, I'm much more afraid of China doing it, because they can use the information for any purpose. And they do.

    Here in the USA, the government can only do certain, narrowly defined things. And when it comes to my data, it is really hard for them to use it in a way that harms me. They can't give it out, and they can't use it against me without a bunch of processes where I have substantial rights.

    In China you don't even have the right to a lawyer, or to see evidence against you. There are no standards of evidence that restrict what data they can use. They don't need to have a warrant first in order to later use it against you.

    If the NSA slurps my data, they didn't have a warrant, and they can't use it against me. They can use it target a missile in Iraq, but here at home they can't even use it to give me a parking ticket.

  6. Dupe... by Anonymous Coward · · Score: 2, Informative

    Popular App Weather Forecast Collects Too Much User Data and is Attempting To Subscribe Some Users To Paid Services Without Permission

  7. Re:Unfortunately you just can't trust tech from Ch by TheRaven64 · · Score: 1

    As an individual, there's little that China can do to me - I've been to China once and I'm not inclined to repeat that. But as a corporate user, a Chinese company having access to all of my work-related emails and access to any work-related files on my device could have a significant impact on my employer's ability to remain competitive (production is much cheaper than R&D), which would impact their ability to pay me.

    British companies used to be warned not to discuss work on Air France flights because the French intelligence agencies would put microphones in the seats and pass on any commercially-sensitive information they picked up to French companies. China still has a very close relationship between corporations and intelligence. The NSA is far less likely to pass on anything that they learn to US-based competitors.

    --
    I am TheRaven on Soylent News
  8. Re:Unfortunately you just can't trust tech from Ch by TheRaven64 · · Score: 1

    You're assuming that the Chinese data collection incorporates high security. When you're talking about spying, it's not a question of who gets your data, it's who gets your data first. I probably don't have anything to worry about from any government knowing the contents of my devices, but I might be more worried about various organised crime syndicates knowing things that can be easily inferred from these devices (e.g. when my house is going to be unoccupied). I'd trust the NSA or GCHQ to keep the data that they've stolen about me secret more than I would trust their Russian or Chinese counterparts.

    --
    I am TheRaven on Soylent News
  9. Re:Unfortunately you just can't trust tech from Ch by Marxist+Hacker+42 · · Score: 1

    Or Korea I guess. I was prompted to download the same software for my Samsung S8 Active. It brought up so many advertisements that I quickly deleted it.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.