It has been found that two malware pre-installed with the phones issued by the US Government-funded mobile carrier Assurance wireless by Virgin Mobiles offers their most budget-friendly phones — UMX U686CL — which comes with the pre-installed malware, as discovered Malwarebytes.
The first app is an updater named as Wireless Update, which is the only way to update the phone. The malware, Android/PUP.Riskware.Autoins.Fota.fbcvd, cannot be removed by the users and is a variant of Adups, a Chinese company which was caught collecting the user data without consent.
While updating the device, malicious apps are downloaded alongwith without user consent. Currently, there is no way to remove the app; however, users can try some advanced removal techniques. As per the researchers, from the moment you turn on the mobile, the app begins installing the apps.
The other malware is the device’s Settings app. The Settings app contains the malware identified by Malwarebytes as Android/Trojan. Dropper, which is of Chinese origin. The malware contains an encoded string which, when decoded, reveals a hidden library.
After this library is loaded in the memory, it launches another piece of malware known as Android/Trojan.HiddenAds. Although this malware has yet to be detected by Malwarebytes, many users have reported about this malware.
As per the researchers, both the malware originated from China, although it is not clear whether this is just a coincidence or whether the Chinese are involved.
“Budget should not dictate whether a user can remain safe on his or her mobile device. Shell out thousands for an iPhone, and escape pre-installed maliciousness. But use government-assisted funding to purchase a device and pay the price in the malware? That’s not the type of malware-free existence we envision at Malwarebytes”, said the security researcher from Malwarebyte.
Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.
You can contact him here: [email protected]