Thousands of Android devices shipped with pre-installed malware: Avast

The majority of these devices are not certified by Google and adware goes by the name “Cosiloon” which creates an overlay to display an ad over a webpage within the user’s browser.

|

According to a new study by global cyber-security company Avast, several of Android devices, including those from manufacturers like ZTE, Archos, and myPhone, are being shipped with pre-installed malware.

 
Thousands of Android devices shipped with pre-installed malware: Avast


The majority of these devices are not certified by Google and adware goes by the name "Cosiloon" which creates an overlay to display an ad over a webpage within the user's browser.

"Thousands of users are affected, and in the past month alone, in fact, Avast Threat Labs has seen the latest version of the adware on around 18,000 devices belonging to its users located in more than 100 countries including Russia, Italy, Germany, India, Mexico, the UK, as well as some users in the US," the company said in a statement.

 

"Malicious apps can, unfortunately, be installed on firmware level before they are shipped to customers, probably without the manufacturer's knowledge," said Nikolaos Chrysaidos, Head of Mobile Threat Intelligence & Security at Avast.

Chrysaidos said: "If an app is installed on the firmware level, it is very difficult to remove, making cross-industry collaborations between security vendors, Google, and OEMs imperative. Together, we can ensure a safer mobile ecosystem for Android users."

The adware which was previously described by Dr. Web has been active for at least three years and is difficult to remove as it is installed at the firmware level and uses strong obfuscation.

However, the company said that it is not clear how the adware got onto the devices. The malware authors kept updating the control server with new payloads and manufacturers also continued to ship new devices with the pre-installed dropper.

Some antivirus apps report the payloads, but the dropper will install them right back again and the dropper itself can't be removed, so the device will forever have a method allowing an unknown party to install any application they want on it, report further said.

The Avast Threat Labs also observed the dropper install adware on the devices, however, it could easily also download spyware, ransomware or any other type of threat.

It said that users can find the dropper in their settings, and can click the "disable" button on the app's page, if available. This will deactivate the dropper and once Avast removes the payload, it will not return again.

In the last few years, the Avast Threat Labs have observed from time to time some strange Android samples in their database.

20 Things You No Longer Need Just Because of Smartphones

The samples appeared to be like any other adware sample, with the exception that the adware appeared to have no point of infection and several similar package names, the most common being:

· com.google.eMediaService

· com.google.eMusic1Service

· com.google.ePlay3Service

· com.google.eVideo2Service

Best Mobiles in India

Read More About: malware android Mobile news

Best Phones

Get Instant News Updates
Enable
x
Notification Settings X
Time Settings
Done
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
X