Cheap Android phones might not be as economical as you thought, as new types of preloaded malware are regularly being discovered on these smartphones. There were two such findings just last month, and now Doctor Web, a security firm, has discovered a couple of Trojan viruses in some more cheap smartphones, according to Ars Technica.
Two Lenovo phones also had similar viruses
According to Doctor Web, dozens of inexpensive Android phones come preinstalled with applications that surreptitiously download and install adware and other unwanted programs. Researchers from Doctor Web described such apps as downloader Trojans that can download not only benign unwanted apps but also malicious ones.
One such app is H5GameCenter, which shows advertisements on top of running apps. The picture cannot be removed, and infected users report that Android.DownLoader.473.origin quickly downloads and installs it again when they uninstall the application. Android.Sprovider.7 is another pre-installed downloader detected by researchers at Doctor Web, notes Ars Technica.
Khrom Capital was up 32.5% gross and 24.5% net for the first quarter, outperforming the Russell 2000's 21.2% gain and the S&P 500's 6.2% increase. The fund has an annualized return of 21.6% gross and 16.5% net since inception. The total gross return since inception is 1,194%. Q1 2021 hedge fund letters, conferences and more Read More
According to the researchers, about 26 Android smartphones from several manufacturers were preloaded with the Android.DownLoader.473.origin Trojan virus. Two smartphones made by Lenovo were found to contain the Android.Sprovider.7 virus.
Both malware variants are capable of displaying notifications and ads and can download apps as well from unknown sources. It may not be possible for a regular user to get rid of it since it is embedded in the firmware. Many of these infected devices are powered by MediaTek chipsets, which are quite common in low-cost phones.
Beware of these Android phones
According to the security researchers, cyber-criminals generate their income by raising application download statistics and distributing advertising software.
“Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsources who took part in creation of Android system images decided to make money on users,” the researchers nstated.
Also the researchers published a list of devices carrying such Trojans: MegaFon Login 4 LTE, Irbis TX97, Irbis TZ43, Bravis NB85, Bravis NB105, Irbis TZ85, SUPRA M729G, SUPRA V2N10, Pixus Touch 7.85 3G, Itell K3300, General Satellite GS700, SUPRA M72KG, Prestigio MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Optima 10.1 3G TT1040MG, Marshal ME-711, 7 MID, Digma Plane 9.7 3G, Nomi C07000, Explay Imperium 8, Perfeo 9032_3G, Ritmix RMD-1121, Oysters T72HM 3G, Irbis tz70, Irbis tz56, and Jeka JK103.
Since these devices are mostly sourced from China-based OEMs and rebranded for local sales, there could be more affected smartphones or variants of them, says Neowin. In light of these recent discoveries, it would be better to choose a reputed smartphone brand instead of an unknown brand the next time you buy an inexpensive Android phone.