Android Phone for Low Income Americans Contains Malware

Yolanda Curtis
January 12, 2020

However, as researchers at Malwarebytes have discovered, some of the cellphones handed out as part of the program were infected with malware - Chinese malware. The mobile device in question - UMX U686CL - is up for grabs at an affordable price of $35 under the government-funded program called Lifeline Assistance.

Adups provides the component as a firmware-over-the-air (FOTA) update system to various smartphone makers and firmware vendors. Much worse is the fact that the Settings app on the phones includes a hidden "dropper" Trojan similar to known risky malware strains - and you can't remove the Settings app without making the phone unstable.

This arrangement, researchers argue, opens the door for malware to be unknowingly installed in future updates to any of the apps automatically added by Wireless Update. By who remains unclear. However, alongside downloading the latest Android version, the app can also download and install other apps without the user's consent.

"While the apps it installs are initially clean and free of malware, it's important to note that these apps are added to the device with zero notification or permission required from the user".

Assurance Wireless parent company Virgin Mobile is owned by Sprint, which told Ars Technica: "We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware".

After learning that Wireless Update was flagged with a malicious detection name, Malwarebytes informed Virgin's Assurance Wireless scheme of the potential dangers - but did not hear back. It costs $53 and while it has some basic specs and features, it does bring two gifts nobody actually wants to receive: malware!

The researchers eventually discovered that the app is a variant of Adups, a Chinese company that has already been involved in privacy scandals, as it previously developed backdoors and auto-installers for mobile devices, while also trying to collect user data.

X shares characteristics with two other variants of known mobile Trojan droppers. It appears to be of Chinese origin and drops an app called Android/Trojan.HiddenAds. These accusations were addressed to Huawei, but isn't it ironic to find malware in US-funded smartphones?

On the other hand, the Settings app is unremovable in the real meaning of the word, as there is no way to remove the app, and even if you did, you wouldn't be able to manage your phone afterward. The worst thing is that you can't delete Adups because it's a system app.

You can check out the full report from Malwarebytes liked above, where they break down the code from the Settings app and Wireless Updater, explaining why they're malicious apps.

Other reports by iNewsToday