
Malwarebytes finds more malware preinstalled on US Government Funded Low-Cost Smartphones
The phones are part of the US Government’s Lifeline Assistance program. The infected smartphones are supplied by Assurance Wireless by Virgin Mobile.
The affected model is an American Network Solutions (ANS) UL40 running Android OS 7.1.1. The phone comes with a compromised Settings app and a compromised Wireless Update app preinstalled, according to a report by cyber security researchers at Malwarebytes.
FCC Lifeline Assistance program
The Lifeline Assistance program is administered by the Federal Communications Commission (FCC) and supported by the federal Universal Service Fund which was started in 1985. Lifeline provides discounted landline and cellular phone service to low-income households. The program is administered by the Universal Service Administrative Company (USAC). It provides discounts and funding for smartphones, landline phones, and broadband connections.
Malware Cannot Be Removed
The ANS UL40 phone comes with preinstalled malware. Both the Settings app and the Wireless Update app are compromised.
The Settings app is a required system app that, like the name says, controls the phone’s settings. However, it is infected with Android/Trojan.Downloader.Wotby.SEK malware. The Settings app cannot be removed from any phone – infected or not – because the phone would no longer function.
Settings app
So far, the Settings app has not downloaded anything else to the phone. “Nevertheless, there is enough evidence that this Settings app has the ability to download apps from a third-party app store. This is not okay. For this reason, the detection stands,” says Malwarebytes.
Previous Malware on Government Phones
Earlier this year, Malwarebytes discovered Chinese malware on the Unimax U683CL. This phone also had a compromised Settings app and Wireless Update app – but did not have the same malware variant as the ANS UL40.
The Unimax U683CL is the lowest-cost smartphone available through the Lifeline Assistance program.
Wireless Update app
The WirelessUpdate app is also infected with malware – four variants of Android/Trojan.HiddenAds malware. The Updater app does what the name says – it automatically updates apps when patches become available. Updates occur in the background without any interaction from the user. Although the app is not exhibiting any malicious behavior at this time, it could download other malware at any time in the future, since the malware has full permission to download anything.
The WirelessUpdate app had downloaded four variants of HiddenAds malware to the phone examined by Malwarebytes.
- Merica
- Clean Master
- Beauty
- Mischi
Adware is a type of malware that displays advertisements in web browsers and in apps on a mobile device or computer. The adware is often dropped onto a device by a legitimate file downloader that has been compromised to include a Trojan downloader.
The advertisements are annoying. It can be difficult to find the source of the malware. A reliable antimalware app like Malwarebytes can help detect and remove adware, spyware, and other types of malware. It is important to use an antimalware app like Malwarebytes that is updated with the latest security threats, so your phone is protected.
Earlier this week Kaspersky Labs researchers released a report on adware that comes preinstalled in low-end Android phones. The adware is added by device manufacturers and serves as an additional revenue stream. Phone users have to endure watching advertisements in apps because the adware injects advertisements.
As on these government phones, the adware is not removable because it is embedded in system partitions and system apps that are critical to the phone’s operating system and hardware.