Cybersecurity firm, MalwareBytes says it has found pre-installed Chinese malware on some US government-subsidized phones. The phones are offered to low-income families at significant discounts under the FCC’s Lifeline Assistance program that was first introduced three decades ago.
In particular, MalwareBytes has investigated an Android-based model dubbed the UMX U686CL that is being sold by Assurance Wireless, a subsidiary of Virgin Mobile. The phone is manufactured by a China-based company and is priced at $35 which also includes free calls, texts, and data.
The report claims the UMX U686CL came infested with two malware apps. One called Wireless Update was armed with unrestricted privileges and capable of installing apps in the background without any user consent. Being a system-level app, MalwareBytes says it’s also not possible to uninstall Wireless Update as it could adversely affect the rest of the phone’s functions.
Further, MalwareBytes discovered that Wireless Update was programmed under the same name as Adups, a Chinese company that has been caught in the past “collecting user data, creating backdoors for mobile devices and developing auto-installers.”
Adups was responsible for the massive 2016 Android breach which impacted over 700 million phones and prompted probes from Google as well as the Department of Homeland Security.
The second malware was deeply integrated within the Settings app which means removing it could render the entire phone kaput. It housed a Trojan called Hidden Ads that is configured to display ads even when you’re in other apps. Hidden Ads’ source code was riddled with encrypted Chinese characters, because of which MalwareBytes says it couldn’t pinpoint its exact purpose.
“As I have highlighted in this blog and blogs past, pre-installed malware continues to be a scourge for users of mobile devices. But now that there’s a mobile device available for purchase through a US government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behavior by app development companies,” said Nathan Collier, Senior Malware Intelligence Analyst at MalwareBytes in a blog post.
MalwareBytes claims it reached out to Assurance Wireless before publishing its report but never heard back. We’ve contacted the FCC and Virgin Mobile and will update the post once we have a response.