More Malware Found Preinstalled on Government Smartphones

Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.

Dark Reading Staff, Dark Reading

July 9, 2020

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Another Android smartphone provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile comes with malware preinstalled, Malwarebytes researchers report. 

This marks the second time this year researchers found malware preinstalled on government-funded phones. Back in January, Malwarebytes discovered unremovable Chinese malware on the Unimax U683CL, the cheapest smartphone offered by the Lifelife Assistance program. Lifeline is supported by the federal Universal Service Fund, a government program launched in 1985 to provide discounted phone service to low-income households.

Following the first disclosure, Malwarebytes heard from customers whose phones exhibited similar behavior. Further research revealed another smartphone with preinstalled malware.

This time, the affected model is an American Network Solutions (ANS) UL40 running Android OS 7.1.1. While it's unclear whether this phone is currently available via Assurance Wireless, the researchers note its user manual is still on the Assurance Wireless website. Based on this, it assumes the phone is still available and warns some ANS UL40 customers may still be affected.

Like the UMX U683CL, the ANS UL40 comes with a compromised Settings app and Wireless Update app. Researchers say the two models don't have the same malware variants, though the infections are similar. The ANS UL40 comes with Android/Trojan.Downloader.Wotby.SEK. Its Settings app is able to download apps from a third-party app store, which researchers note is "unsettling" but say the apps from this store appear to be malware-free. That said, it's important to keep in mind that malware could still potentially be uploaded at a later date.

WirelessUpdate is classified as a Potentially Unwanted Program (PUP) riskware auto-installer, which is able to automatically install applications without the user's consent or knowledge. The app's main function is to facilitate security patches and operating system updates; however, researchers found it auto-installed four different variants of HiddenAds on the ANS UL40.

Read more details here.

 

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events