14 DAY TRIAL // Chinese cyber security vendor Cheetah Mobile discovered thousands of Android tablets sold on Amazon that come packed with pre-installed malware.
The company came across this infection alerted by telemetry data from their mobile security app. After further investigation of the data, they linked the infection to a trojan that they dubbed Cloudsota. In all cases, customers reported buying the tablets from Amazon.
Not coincidentally, all had extremely poor reviews, and many users were complaining out in the open about unremovable apps, popup ads, and hijacked browsers.
According to Cheetah Mobile's malware analysts, Cloudsota came pre-installed on all tablets, had root permissions and aggressive boot persistence, meaning it would reinstall itself whenever removed.
Cloudsota's arsenal of tricks included the ability to install other apps (usually malware or adware), remove security apps, change a browser's homepage, alter browser search results, change tablet wallpaper, insert ads in the boot animation, and open applications on demand.
Over 17,000 tablets infected, from 30 different tablet makers
Cheetah Mobile reports that its mobile security system detected 17,233 of such infected tablets in the wild, but this number could be much greater since Cloudsota, as mentioned above, was able to remove security apps and prevent detection in some cases.
Researchers found over 30 different tablet brands that came pre-installed with Cloudsota, all still available for sale online. The affected brands include companies like Alldaymall Tablet, FUSION5, JEJA 7 Zoll, JYJ 7, Tagital, and Yuntab SZ Wave.
All manufacturers are based in China. Coincidentally or not, two months ago, we reported on 24 smartphone models delivered to customers with pre-installed malware.
In that case, security firm G DATA suspected that middlemen in the supply chain were responsible for infecting the smartphones with malware. This might be the case yet again, since too many brands are affected to suspect them of running an organized crime ring.
Cheetah Mobile says it contacted all manufacturers, but none has responded to their request for comment.