Security company Malwarebytes has discovered a US Government-subsidized low-cost smartphone is being sold to customers with pre-installed malware.
The UMX U683CL, being sold by Virgin Mobile’s Assurance Wireless program for only $35 (due to the Lifeline Assistance program) comes pre-loaded with two trojans, one of which can not be removed.
The two trojans are Android/PUP.Riskware.Autoins.Fota.fbcvd and Android/Trojan.Dropper.Agent.UMX.
Android/PUP.Riskware.Autoins.Fota.fbcvd auto-installs apps on smartphones without any user consent and intervention.
Android/Trojan.Dropper.Agent.UMX is built into the Settings app of the UMX U683CL and can therefore not be removed. It appears to be of Chinese origin and drops an app called Android/Trojan.HiddenAds.
Both apps can presumably turn buyers into a distributed botnet used for click fraud for ads and apps which are difficult to detect. Some users do report being shown full-screen ads, including on their lock screen. Like most phones, the UMX U683CL is manufactured in China where such incidents are not uncommon, and it does not necessarily mean US customers are being directly targetted.
The fact remains however that hundreds of thousands of US residents are likely being spied on with little ability to correct the issue themselves. Malwarebytes contacted Assurance Wireless but received no response from them.
Read all the detail at MalwareBytes here.
Via XDA-Dev, thanks MrElectrifyer for the tip.