Hundreds Of Android Smartphones Preloaded With Malware, Warns Avast

Many affordable Android smartphones ship preloaded with malware out of the box, cyber security specialist Avast has warned.

The firm identified over several hundred phones from the likes of ZTE, MediaTek, Archos and Blaupunkt, among others, as being shipped with the Cosiloon adware, which is reportedly very difficult to remove.

This is not the first time that adware has been found on Android devices. However, devices are usually infected after installing compromised apps. This time last year, for example, Check Point warned of adware on 41 apps on Google Play, which had been developed by a Korean company.

Preinstalled adware

But now Avast in a blog post has warned that hundreds of cheap Android smartphones are shipped with the Cosiloon adware.

“When you get a brand new phone, you expect it to be clean from any malware and adware. Unfortunately, this is not always the case,” wrote Avast. “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”

It said that the Cosiloon adware has previously been described by Dr. Web, and has been active for at least three years.

Essentially, the adware creates an overlay to display an ad over a webpage within the user’s browser.

Avast warned that Cosiloon “is difficult to remove as it is installed on the firmware level and uses strong obfuscation.”

“Thousands of users are affected, and in the past month alone we have seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries including Russia, Italy, Germany, the UK, as well as some users in the US,” it wrote.

C&C takedown

“By far the most jarring fact is that Dr. Web reported on this in 2016… and yet nothing happened,” said Avast. “The control server was live until April 2018, and the authors kept updating it with new payloads.”

“We have attempted to disable Cosiloon’s C&C server by sending takedown requests to the domain registrar and server providers,” said Avast.

But it seems that the domain registrar has not responded, so the C&C server is still active.

Shipping new devices preinstalled with cyber nastiness has happened before, most notably with PC maker Lenovo last year.

Last September the Chinese firm was fined $3.5 million (£2.7m) and ordered to review its cybersecurity testing after it distributed the ‘harmful’ Superfish adware with its laptops since 2014.


Tom Jowitt
