Stories
Slash Boxes
Comments

SoylentNews is people

Some Low-Cost Android Phones Shipped with Malware Built in

posted by janrinok on Wednesday May 30 2018, @11:53PM   Printer-friendly
from the getting-more-than-you-paid-for dept.

MrPlow writes:

Submitted via IRC for SoyCow3941

Avast has found that many low-cost, non-Google-certifed Android phones shipped with a strain of malware built in that could send users to download apps they didn't intend to access. The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps...

[...] The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

[...] Avast can detect and remove the payloads and they recommend following these instructions to disable the dropper. If the dropper spots antivirus software on your phone it will actually stop notifications but it will still recommend downloads as you browse in your default browser, a gateway to grabbing more (and worse) malware. Engadget notes that this vector is similar to the Lenovo “Superfish” exploit that shipped thousands of computers with malware built in.

Source: https://techcrunch.com/2018/05/24/some-low-cost-android-phones-shipped-with-malware-built-in/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Some Low-Cost Android Phones Shipped with Malware Built in | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by RS3 on Thursday May 31 2018, @01:23AM (1 child)

    by RS3 (6367) on Thursday May 31 2018, @01:23AM (#686557)

    Are they a partner in this or just a victim...

    Good point and question. I think it's a very fine line. I'm not a lawyer, but in legal terms, you can be at fault for negligence- passively allowing something to happen, or even not knowing but not taking "ordinary care" to prevent something bad from happening.

    My hunch is they are just careless, focusing on production volume and "features" and letting the customer be the quality control.

    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 0) by Anonymous Coward on Thursday May 31 2018, @06:03AM

    by Anonymous Coward on Thursday May 31 2018, @06:03AM (#686617)

    My hunch is they are just careless, focusing on production volume and "features" and letting the customer be the quality control.

    The malware is part of the firmware and cannot be removed. That's some kind of careless.