Pre-installed malware detected on some Android smartphones

В бюджетных смартфонах на Android обнаружили старый вирус

Avast has been in contact with Google and says the tech giant has reached out to the firmware developers to encourage them to take care of the issue.

The news comes from Avast, which found an adware type of malware that simply loads ads in your browser.

"Malicious apps can, unfortunately, be installed on firmware level before they are shipped to customers, probably without the manufacturer's knowledge", said Nikolaos Chrysaidos, Head of Mobile Threat Intelligence and Security at Avast. The adware servers are still operating, and lots of users have complained about bad ads, the company notes.

The adware has been active for at least three years, and is hard to remove as it is installed on the firmware level and uses strong obfuscation. According to Avast, the countries that are affected by the malware are Russia, Italy, Germany, the United Kingdom, Ukraine, Portugal, Venezuela, Greece, France, and Romania. Google has taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques.

The phones concerned belong to manufacturers such as ZTE, Archos, Prestige, and myPhone, and are in all cases low-cost terminals that are not Google-certified, as revealed by a report published by Avast. To make sure that there is some kind of protection in the future, Google Play Protect has been updated. Avast Software has released details about the "Cosiloon" malware on its blog, which has also been found on devices from Archos, Prestigio, and others.


According to the report, it is not clear how the adware got onto the devices.

The only times the malware won't download additional apps is when the device's language is set to Chinese, when the device's public IP address is also from a Chinese IP range, and when the number of locally installed apps is below three (indicating a test/scan environment). Some antivirus apps report the payloads, but the dropper will install them right back again and the dropper itself can't be removed, so the device will forever have a method allowing an unknown party to install any application they want on it.

This means the group is opportunistic and infects devices at random, as it finds a window during which it can poison their firmware. It's also working with providers and domain registrars to get the problematic servers closed down permanently. "Together, we can ensure a safer mobile ecosystem for Android users". "The app is completely passive, only visible to the user in the list of system applications under "settings.' We have seen the dropper with two different names, 'CrashService" and 'ImeMess, '" wrote Avast. If you haven't bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.

Avast says it can detect the payload and uninstall it, but it can't do anything about the dropper that's built into the system.

Related News:



Most liked

Man Utd agree £43.8 million transfer fee
Manchester City dropped out of the race for his signature last month, leaving Manchester United on pole position to sign him. The Man United boss wants to bring in Fred before the World Cup, so a deal could be signed and sealed in a matter of weeks.

U.S. transport safety board finds Uber software at fault for fatal collision
Human chaperones are supposed to take control when the cars' sensors and algorithms fall short or other circumstances demand it. The system relied on the human backup driver to intervene but is not now able to alert the driver of any unsafe situations.

Rashid Khan is a keen follower of Mahesh Babu’s films
Sunrisers are one from one in finals, having beaten RCB by eight runs in a run-fest in 2016 under the stewardship of David Warner. Kane Williamson and MS Dhoni take on each other as not only captains leading from the front, but also as middle order mainstays.

What we learned vs. Boston Celtics Game 6
He'll have to come up clutch once again when they face the Celtics in Boston for Game 7 this Sunday. "We have no other way out". If The Machine can churn out one more game for the ages, he'll bring the Cavs home.

Trump seethes over Russian Federation probe, calls for end to 'SPYGATE'
A CBS News poll in early May, for example, showed how widely his talking points are being embraced. It is refreshing to hear that now, finally, he's interested in actual evidence.

Klopp calls for 'big balls' from Liverpool
Carvajal missed most of the semi-final through injury but is back in the side and will be in for a tough time up against Salah. Fox is included in the package so you'll be able to quickly join in time to watch the entire Liverpool vs Real Madrid game .

Latest Liverpool target Nabil Fekir was linked with Everton back in 2015
Relegation was looming after a 2-0 loss to Everton left Liverpool only off the bottom of the Premier League on goal difference. The Liverpool boss continued to praise his players for the excellent campaign that has seen them arrive in the final.

US Mississippi, Florida Declare Emergency Over Subtropical Storm Alberto
Monday looks like the rainiest, windiest day with an increasing threat of some tornadoes east of wherever the center ends up. The last time a tropical cyclone was named Alberto was in 2012; it also formed before the season began, on May 19.

Explosive detonates in restaurant near Toronto, injures 15
Peel Regional paramedic Joe Korstanje told CBC that the three critically injured people had been taken to a nearby trauma center. Peel regional police tweeted that 2 suspects attended the scene, detonated an Improvised Explosive Device within the restaurant.

Moonwalking astronaut-artist Alan Bean dies at 86
Alan Bean the fourth astronaut to walk on the moon before becoming a painter died Saturday at the age of 86 in Texas . We invite you to share condolences for Alan Bean in our Guest Book .

Trump not backing down on 'spy' allegations
Adam Schiff (D-Calif.), the top Democrat on the House Intelligence Committee, criticized as "completely inappropriate". That explanation has not satisfied many Democrats. "If the facts are against you, argue the law", the saying goes.

Trump says Korea talks 'going along very well'
In response, the North said Friday that it stays open to talks with the USA anytime and in any format. Moon says his meeting with Kim was arranged at Kim's request.

Lewis Hamilton and Sebastian Vettel open to future partnership
French driver Romain Grosjean, who has failed to finish three of five races so far, twice clipped the barriers in P1. He is the only driver yet to score a point along with Russian driver Sergey Sirotkin from the Williams team.

LeBron Scores 46, Cavaliers Beat Celtics 109-99 To Force Game 7
That season, Boston knocked out James and the Cavs in six games in the second round, and James left the Cavs for the Miami Heat. George Hill added 20 points, while Jeff Green and Larry Nance came off the bench to deliver 14 and 10, respectively.

Student says science teacher tackled Noblesville school shooter
He said he was conscious after the shooting and spoke with his wife, telling her he was OK. Police have reportedly confirmed that the families of the victims have been notified.