
Pre-Installed malware spotted on other Android phones sold in US


Researchers from Malwarebytes have found yet another phone with pre-installed malware sold in the United States via the Lifeline Assistance program.

Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States; this is the second time, the first having been documented in a report published in January.

In January, Malwarebytes researchers discovered that the UMX U686CL phone was sold with pre-installed malware as part of the government-funded Lifeline Assistance program by Virgin Mobile.

The phone was being shipped to users with two malicious apps masquerading as a Wireless Update application and a Settings app, respectively.

Now, the ANS (American Network Solutions) UL40 phone model, running Android 7.1.1 and provided through the Lifeline Assistance program, was found with pre-installed malware.

“We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile.  This time, an ANS (American Network Solutions) UL40 running Android OS 7.1.1.” reads the post published by Malwarebytes.

“To clarify, it is unclear if the phone in question, the ANS UL40, is currently available by Assurance Wireless. However, the ANS UL40 User Manual is listed (at the time of this writing) on the Assurance Wireless website.”

Like the UMX U686CL model, the ANS UL40 comes with malicious programs masquerading as the Settings and Wireless Update apps, but experts noticed that the malware families involved in the two cases are different.

The Settings app hides the Android/Trojan.Downloader.Wotby.SEK, while Wireless Update would fetch three variants of Android/PUP.Riskware.Autoins.Fota.

WirelessUpdate is classified as a Potentially Unwanted Program (PUP) riskware auto-installer that could auto-install apps without the user's knowledge. The app also acts to update the software running on the phone.

Experts noticed that the digital certificate used for the Settings app on the ANS UL40 has the common name teleepoch; TeleEpoch Ltd is the company that registered the brand “UMX” in the United States.

“Let’s review. We have a Settings app found on an ANS UL40 with a digital certificate signed by a company that is a registered brand of UMX. For the scoreboard, that’s two different Settings apps with two different malware variants on two different phone manufactures & models that appear to all tie back to TeleEpoch Ltd.” continues Malwarebytes. “Additionally, thus far the only two brands found to have preinstalled malware in the Settings app via the Lifeline Assistance program are ANS and UMX,”

Researchers also discovered that the ANS L51 phone was delivered with pre-installed malware, the same family that was spotted on the UMX U683CL.

“There are tradeoffs when choosing a budget mobile device. Some expected tradeoffs are performance, battery life, storage size, screen quality, and list of other things in order to make a mobile device light on the wallet.” concludes the post. “However, budget should never mean compromising one’s safety with pre-installed malware. Period.”


Pierluigi Paganini

(SecurityAffairs – pre-installed malware, mobile)
