Stories
Slash Boxes
Comments

SoylentNews is people

Some Low-Cost Android Phones Shipped with Malware Built in

posted by janrinok on Wednesday May 30 2018, @11:53PM   Printer-friendly
from the getting-more-than-you-paid-for dept.

MrPlow writes:

Submitted via IRC for SoyCow3941

Avast has found that many low-cost, non-Google-certifed Android phones shipped with a strain of malware built in that could send users to download apps they didn't intend to access. The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps...

[...] The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast. The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

[...] Avast can detect and remove the payloads and they recommend following these instructions to disable the dropper. If the dropper spots antivirus software on your phone it will actually stop notifications but it will still recommend downloads as you browse in your default browser, a gateway to grabbing more (and worse) malware. Engadget notes that this vector is similar to the Lenovo “Superfish” exploit that shipped thousands of computers with malware built in.

Source: https://techcrunch.com/2018/05/24/some-low-cost-android-phones-shipped-with-malware-built-in/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Some Low-Cost Android Phones Shipped with Malware Built in | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Thursday May 31 2018, @06:18PM

    by Anonymous Coward on Thursday May 31 2018, @06:18PM (#686857)

    Is this the Chinese government spying on other countries, or are the malware authors considerate of their countrymen?

    It's Chinese OEMs taking advantage of the fact they can use EULAs to forbid class actions and force arbitration outside of China: https://www.lexology.com/library/detail.aspx?g=e2ac80df-ecdc-4ab2-bcbc-f04f8b78910f [lexology.com]

    That's to say, while Avast calls it a malware, legally it's just ads and data collection you approved of when you read and signed the EULA as far as the EU and US are concerned. If you don't like, learn Mandarin. I hear it's a beautiful language.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1