Two malicious apps pre-loaded on government-issued phones

Jan 10, 2020 08:40 GMT

The Lifeline Assistance program that the United States government has launched to provide low-income households with access to new-generation technology includes not only cheap Android phones for these customers, but also malware they can’t remove.

Security company Malwarebytes discovered that the UMX U686CL phone, available from Assurance Wireless by Virgin Mobile, features two different malicious applications that are tied to critical system files.

The first malware infection on the $35 Android phone was disguised as a Wireless Update app, which is used to push new software updates to the smartphone.

“Yes, it is capable of updating the mobile device. In fact, it’s the only way to update the mobile device’s operating system (OS). Conversely, it is also capable of auto-installing apps without user consent,” Nathan Collier of Malwarebytes explains.

Chinese malware

The researchers eventually discovered that the app is a variant of Adups, a Chinese company that has already been involved in privacy scandals, as it previously developed backdoors and auto-installers for mobile devices, while also trying to collect user data.

“From the moment you log into the mobile device, Wireless Update starts auto-installing apps. To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own,” Collier notes.

“While the apps it installs are initially clean and free of malware, it’s important to note that these apps are added to the device with zero notification or permission required from the user. This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time.”

The second instance of malware was detected as Android/Trojan.Dropper.Agent.UMX, and this time it was tied to the Settings app. Removing it is impossible since it’s a critical system app. The wireless updater, by contrast, can be deleted, but given that it also provides the device with software updates, many might be reluctant to do so.

Malwarebytes warns that many other budget smartphones could come with similar pre-loaded malware that can’t be removed.

“It’s important to realize that UMX isn’t alone. There are many reports of budget manufacturers coming pre-installed with malware, and these reports are increasing in number,” Collier states.

The security company says it has already contacted Assurance Wireless to warn of the malware but received no response.