
Persistent ad and dialler trojans found on 28 Android phones

Mostly landfill Androids from odd places, but Lenovo makes the list too

More than two dozen cheap Androids have been found to host pre-installed malicious apps capable of downloading persistent adware and making phone calls.

The phones, which include Lenovo's A6000 and A319, were discovered bearing the pre-installed malicious apps by security researchers with antivirus firm Dr Web.

Dr Web reckons resellers and firms in the supply chain are to blame.

It says there are likely to be many more compromised handsets bearing the apps capable of quietly downloading various trojans from remote servers.

Most of the downloads appear to be adware, a class of malware more irritating than dangerous, other than to the wallet of those who end up paying excess data charges. Mobile adware mostly strikes in China and Russia.

Entire companies have been found pushing advertising malware apps onto devices, ignoring the option to steal passwords and data using the acquired root privileges.

One firm based in Xingdu, China, was this year fingered for slinging the Hummingbad malware and was said to be making $US300,000 a month through some 10 million infected devices.

Dr Web's researchers described a trojan which activates on boot and connects to its command and control server to download configuration files when a WiFi connection is established.

"The file contains information about the application that the trojan should download [and] covertly install," the researchers said.

"Android.DownLoader.473.origin actively distributes the advertising program H5GameCenter that is detected by Dr.Web as Adware.AdBox.1.origin [which] displays a small box image on top of running applications that cannot be removed from the screen."

Affected devices include the following handsets:

  • MegaFon Login 4 LTE
  • Irbis TZ85
  • Irbis TX97
  • Irbis TZ43
  • Bravis NB85
  • Bravis NB105
  • SUPRA M72KG
  • SUPRA M729G
  • SUPRA V2N10
  • Pixus Touch 7.85 3G
  • Itell K3300
  • General Satellite GS700
  • Digma Plane 9.7 3G
  • Nomi C07000
  • Prestigio MultiPad Wize 3021 3G
  • Prestigio MultiPad PMT5001 3G
  • Optima 10.1 3G TT1040MG
  • Marshal ME-711
  • 7 MID
  • Explay Imperium 8
  • Perfeo 9032_3G
  • Ritmix RMD-1121
  • Oysters T72HM 3G
  • Irbis tz70
  • Irbis tz56
  • Jeka JK103
  • Lenovo A6000
  • Lenovo A319

Trojans found on Lenovo A319 and A6000 devices, classified as Android.Sprovider.7, are built into the Rambla application, which provides access to an Android software catalog of the same name.

Its unencrypted payload executes functions including the ability to download and install Android installation apps, open browser links, call dedicated phone numbers, throw top-of-screen ads, and update its main malware module.

"Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users," the researchers say. ®
