Monday, 24 February, 2020

FCC is supplying malware-loaded phones to low-income users

Cecil Davis | 12 January, 2020, 14:35

However, as researchers at Malwarebytes have discovered, some of the cellphones handed out as part of the program were infected with malware - Chinese malware.

A Malwarebytes Labs blog post details the malware preinstalled on the UMX U686CL, a cheap Android phone provided by Assurance Wireless as part of the government's Lifeline assistance program.

Adups provides the component as a firmware-over-the-air (FOTA) update system to various smartphone makers and firmware vendors. Malwarebytes senior analyst Nathan Collier notes that although the apps it installs are free of malware, the fact that they are added to the device without any notification or permission raises concerns about malware.

Under the federal program, Virgin Mobile's Assurance Wireless sells the $35 Android smartphone, the UMX U686CL. One of the malware applications found on the phones can be removed, but doing so requires multiple steps that could prevent future phone updates. By whom remains unclear. To repeat: "There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own", Collier notes. There are many reports of budget manufacturers' devices coming pre-installed with malware, and these reports are increasing in number.

That's already pretty bad, but at least the Wireless Update app can be uninstalled, and Adups generally only installs more adware. It costs $53 and while it has some basic specs and features, it does bring two gifts nobody actually wants to receive: malware!

To compound the issue, the malicious Settings app serves as the dashboard from which the phone's settings are changed, and cannot be removed without bricking the device.

Adups was criticized in 2016 and 2017 for secretly collecting user data via pre-installed apps that can't be removed without creating problems for the host device.

The app, Malwarebytes says, was tainted with what appeared to be a strain of heavily obfuscated malware, believed to be of Chinese origin because of the heavy use of Chinese characters as variable names.

Malwarebytes researchers said they couldn't confirm that Unimax was the party that added the malware to the devices.

According to cybersecurity firm Malwarebytes, one of Sprint's prepaid brands sold a phone that carried not one but two pre-installed, malicious applications developed in China.

The smartphone in question is the Unimax (UMX) U686CL, which you probably never encountered.

Android/Trojan.Dropper is a malicious app that contains additional malicious app(s) within its payload.

There was no immediate fix available at the time of publication of the findings, other than uninstalling wireless updates or uninstalling pre-installed apps that involve certain repercussions. However, it appears someone is using Adups to push specific malware applications to the phone.