Phones from US government came packed with Chinese malware

News
By
published

Smartphones offered to low-income Americans had two unremovable malicious apps

Phone malware
(Image credit: Shutterstock)

Smartphones provided to low-income families through a US government scheme come preloaded with Chinese malware according to new research from Malwarebytes.

The security firm received several complaints from users that the pre-installed apps on their phones were malicious, so Malwarebytes purchased the Android-based phone in question, the UMX U686CL, and was able to verify these claims. The smartphone is sold by Assurance Wireless which is owned by Virgin Mobile USA.

Upon further investigation, Malwarebytes found that one of the pre-installed apps, which appears and operates as a wireless update program, has the ability to automatically install more apps without user content.

The app appears to be a variant of a malware previously traced to China called Adups which sends text, call-location and app data back to a Chinese server every 72 hours. Back in 2016, Kryptowire discovered that over 700m Android smartphones had Adups installed and a report by the company's Ryan Johnson ended up leading to investigations from both Google and the Department of Homeland Security.

Pre-installed malicious apps

In addition to a variant of Adups, Malwarebytes also found a second malicious app on the UMX U686CL that contained code written in Chinese characters. 

Unfortunately for users that acquired one of these smartphones through the Lifeline Assistance program which has offered phones to low-income Americans since 1985, neither of the malicious apps can be removed from the device.

In a blog post, senior intelligence analyst at Malwarebytes, Nathan Collier explained that other budget Android phones could also be at risk from pre-installed malware, saying:

“It’s important to realize that UMX isn’t alone. There are many reports of budget manufactures coming pre-installed with malware, and these reports are increasing in number. Although I don’t have the answer to this widespread issue, I can say that US citizens using the Lifeline Assistance Program and many others on a tight budget deserve more.”

Via The BBC

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Latest in News
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up
Hospital
Major Oracle outage hits US Federal health record systems
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Sam Porter cradles a baby
Death Stranding 2: On the Beach trailer confirms June release date and an even more harrowing post-apocalyptic world
The Ray-Ban Meta Coperni smart glasses
The new Ray-Ban Meta smart glasses design is an expensive disappointment
More about security
How to prevent cyberattacks

NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps

Agentic AI has “profound” issues with security and privacy, Signal President says
Bluetooth

Top Bluetooth chip security flaw could put a billion devices at risk worldwide
See more latest
Most Popular
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Michelle and Kid Cosmo watching a video projected onto a screen in Netflix's The Electric State movie
'We could not achieve that with puppetry or animatronics': Joe and Anthony Russo didn't want to build real-life robots for The Electric State for two big reasons
Workers at computers in an office
Cybersecurity workers aren't massively happy with their employers - but they are being paid pretty well
Nvidia logo on a dark background
Nvidia's GeForce graphics driver woes continue for some users, despite 572.75 hotfix's overclock and black screen promises
Garmin Fenix 8 AMOLED watch on wrist
Garmin owners were confused about 13.35 software update for Fenix 8, here's what actually happened
An AI face in profile against a digital background.
Worried about DeepSeek? Well, Google Gemini collects even more of your personal data
Samsung Galaxy A56 display
Samsung’s new budget handsets are getting One UI 7 before the Galaxy S24 Ultra, and I’m as confused as you are
iPad Pro 13-inch 2024 on a table
The OLED iPad Pro is reportedly less popular than expected – and that could mean these changes to Apple's OLED iPad plans
Chrome icon on Android
The US government still wants Google to sell off Chrome
Q Acoustics Q SUB80, QSUB100 and QSUB120 subwoofers
Q Acoustics wants to bring the bass to your post-Oscars movie catch-up