Android devices being shipped with pre-installed malware: Avast | HT Tech

Android devices being shipped with pre-installed malware: Avast

Devices by companies like ZTE, Archos and myPhone are infected with malware. These devices are not certified by Google.

| Updated on: May 25 2018, 18:06 IST
Several Android devices ship with pre-installed malware.
Several Android devices ship with pre-installed malware. (Bloomberg)

Thousands of Android devices including those from manufacturers like ZTE, Archos and myPhone are being shipped with pre-installed malware globally including in India, global cyber-security company Avast claimed on Friday.

A majority of these Android devices are not certified by Google and carry an adware that goes by the name "Cosiloon" and creates an overlay to display an advertisement over a webpage within the user's browser, said a report prepared by Avast Threat Labs.

You may be interested in

MobilesTablets Laptops
2% OFF
Google Pixel 7 5G
  • Obsidian
  • 8 GB RAM
  • 128 GB Storage
31% OFF
Google Pixel 7 Pro 5G
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Google Pixel 7A
  • Charcoal
  • 8 GB RAM
  • 128 GB Storage
5% OFF
OnePlus 11R
  • Sonic Black
  • 8 GB RAM
  • 128 GB Storage

The report said it has found such adware pre-installed on several hundreds of Android models.

Also read
Looking for a smartphone? To check mobile finder click here.

"Thousands of users are affected and in the past month alone, Avast Threat Labs has seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries, including Russia, Italy, Germany, India, Mexico, the UK as well as some users in the US," the company said in a statement.

The adware which was previously described by Dr Web (a Russian IT-security solutions vendor) has been active for at least three years and is difficult to remove as it is installed at the firmware level and uses strong obfuscation.

Google has reached out to firmware developers to bring awareness to these concerns and encouraged them to take steps to address the issue, it added.

"Malicious apps can, unfortunately, be installed on firmware level before they are shipped to customers, probably without the manufacturer's knowledge," said Nikolaos Chrysaidos, Head of Mobile Threat Intelligence and Security at Avast.

According to the report, it is not clear how the adware got onto the devices.

The malware authors kept updating the control server with new payloads. Manufacturers also continued to ship new devices with the pre-installed dropper.

"Some anti-virus apps report the payloads, but the dropper will install them right back again and the dropper itself can't be removed, so the device will forever have a method allowing an unknown party to install any application they want on it," the report informed.

Users can find the dropper in their settings (named "CrashService", "ImeMess" or "Terminal" with generic Android icon), and can click the "disable" button on the app's page, if available (depending on the Android version).

This will deactivate the dropper and once Avast removes the payload, it will not return again, the company said.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 25 May, 18:06 IST