• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Government Cyber Security » Malware Found on US Government Funded Phones

Malware Found on US Government Funded Phones

2020-07-09 by Keith Harlock

Lifeline Smartphone malware

Malwarebytes finds more malware preinstalled on US Government Funded Low-Cost Smartphones

The phones are part of the US Government’s Lifeline Assistance program. The infected smartphones are supplied Assurance Wireless by Virgin Mobile.

The affected model is an American Network Solutions (ANS) UL40 running Android OS 7.1.1. The phone comes with preinstalled compromised Settings app and Wireless Update app, according to a report by cyber security researchers at Malwarebytes.

FCC Lifeline Assistance program

The Lifeline Assistance program is administered by the Federal Communications Commission (FCC) and supported by the federal Universal Service Fund which was started in 1985. Lifeline provides discounted landline and cellular phone service to low-income households. The program is administered by the Universal Service Administrative Company (USAC). It provides discounts and funding for smartphones, landlines phones, broadband connections.

Malware Cannot Be Removed

The ANS UL40 phone comes with preinstalled malware. Both the Settings App and the Wireless Update app are compromised.

The Settings app is a required system app that, like the name says, controls the phone’s settings. However, it is infected with Android/Trojan.Downloader.Wotby.SEK malware. The Settings app cannot be removed from any phone – infected or not – because the phone would no longer function.

RELATED READ: Some Android Adware May Be Unremovable

Settings app

So far, the Settings app had not downloaded anything else to the phone. “Nevertheless, there is enough evidence that this Settings app has the ability to download apps from a third-party app store. This is not okay. For this reason, the detection stands,” says Malwarebytes.

Previous Malware on Government Phones

Earlier this year, Malwarebytes discovered Chinese malware on the Unimax U683CL. This phone also had a compromised Settings app and Wireless Update app – but did have not the same malware variant as the ANS UL40.

The Unimax U683CL is the lowest cost smartphone available through the Lifeline Assistance program.

Wireless Update app

The WirelessUpdate app is also infected with malware – four variants of Android/Trojan.HiddenAds malware. The Updater app does what the name says – it automatically updates apps when patches become available. Updates occur in the background without any interaction from the user. Although the app is not exhibiting any malicious behavior at this time, it could download another malware at any time in the future since the malware has full permission to download anything.

The WirelessUpdate app had downloaded four variants of HiddenAds malware to the phone examined by Malwarebytes.

  • Merica
  • Clean Master
  • Beauty
  • Mischi

Adware is a type of malware that displays advertisements in web browsers and in apps on a mobile device or computer. The adware is often dripped onto a device by a file legitimate file downloader that has been compromised to include a Trojan downloader.

The advertisements are annoying. It can be difficult to find the source of the malware. A reliable antimalware app like Malwarebytes can help detect and remove adware, spyware, and other types of malware. It is important to use a malware app like Malwarebytes that is updated with the latest security threats, so your phone is protected.

Earlier this week Kaspersky Labs researchers released a report on adware that comes preinstalled in low-end Android phones. The adware is added by device manufacturers and serves as an additional revenue stream. Phone users have to endure watching advertisements in apps because of the adware injects advertisements.

Like these government phones, the adware is not removable because it is embedded in system partitions and system apps that are critical to the phone’s operating system and hardware.

Filed Under: Government Cyber Security Tagged With: Android

About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.


LinkedInTwitter

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version