Home » Consumer News »Public Policy & Gov't »Virgin Mobile »Wireless Broadband » Currently Reading:

Cheap $39 Smartphone Sold By a U.S. Subsidized Lifeline Provider is a Malware Nightmare

Phillip Dampier January 13, 2020 Consumer News, Public Policy & Gov't, Virgin Mobile, Wireless Broadband No Comments

The Unimax U683CL

An inexpensive $39 Chinese-made smartphone offered by a U.S. government-subsidized Lifeline mobile phone service provider is wide open to malware and trojan horse apps, leaving users exposed to privacy violations, adware, and auto-installed backdoor apps that might expose some to fraud.

Malwarebytes Labs, an online security company, issued a serious warning to the public about the Unimax U683CL smartphone’s compromised-from-the-box status, and criticized provider Assurance Wireless for selling the phone and ignoring repeated warnings sent to the company about the phone.

“Assurance Wireless by Virgin Mobile offers the UMX U683CL phone as their most budget conscious option. At only $35 [$39 as of Jan. 13, 2020] under the government-funded program, it’s an attractive offering,” Nathan Collier, a senior malware intelligence analyst at Malwarebytes Labs writes in a company blog. “However, what it comes installed with is appalling.”

Malwarebytes began getting complaints about the phone last fall, and secured one to investigate further. It quickly emerged the phone arrived with questionable software pre-installed:

The first questionable app found on the UMX U683CL poses as an updater named Wireless Update. Yes, it is capable of updating the mobile device. In fact, it’s the only way to update the mobile device’s operating system (OS). Conversely, it is also capable of auto-installing apps without user consent.

Thus, we detect this app as Android/PUP.Riskware.Autoins.Fota.fbcvd, a detection name that should sound familiar to Malwarebytes for Android customers. That’s because the app is actually a variant of Adups, a China-based company caught collecting user data, creating backdoors for mobile devices and, yes, developing auto-installers.

From the moment you log into the mobile device, Wireless Update starts auto-installing apps. To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own. While the apps it installs are initially clean and free of malware, it’s important to note that these apps are added to the device with zero notification or permission required from the user. This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time.

The second piece of unremovable malware is the UMX’s own “Settings” app, crucial to operating the phone. Researchers called this “heavily-obfuscated malware” that is detected as Android/Trojan.Dropper.Agent.UMX. This app quietly downloads and installs apps without the user’s permission, most recently including a variant of HiddenAds, which forces users to endure frequent advertising screens on their phone, even when not web browsing.

The malware activates the moment a user powers on their phone for the first time. Most customers will simply be annoyed if ad-related apps automatically install, but with a security-compromised phone opening the door to more malware in the future, this “lowers the bar on bad behavior by app development companies,” according to Collier.

“Budget should not dictate whether a user can remain safe on his or her mobile device. Shell out thousands for an iPhone, and escape pre-installed maliciousness. But use government-assisted funding to purchase a device and pay the price in malware? That’s not the type of malware-free existence we envision at Malwarebytes,” Collier said.

“We informed Assurance Wireless of our findings and asked them point blank why a U.S.-funded mobile carrier is selling a mobile device infected with pre-installed malware? After giving them adequate time to respond, we unfortunately never heard back,” Collier added.

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of

Search This Site:

Contributions:

Recent Comments:

  • Andrew: Good for them. Frontier thanks for holding everyone back all this time. /s...
  • Denis: Any thoughts on when we might get the upgrade in Rochester NY? It seems we’re always the last to get anything from Spectrum.......
  • Add Hunters: Would you like to have all your work done in one webite? You can do it all here...Visit us... A...
  • Marilyn: I cancelled my cable & phone service over the phone and just kept internet with Spectrum on 3/31, the guy tried everything to keep me, putting me ...
  • Cable TV Advisor: There are so many new options out there that offer assistance with getting affordable cable TV and satellite service. Some even offer no credit checks...
  • Robin Sesko: I negotiated a new price for 12 months. No contract was discussed. They told me to call back in 12 months to renegotiate again. When I went to canc...
  • Dylan: While in a way I feel sorry for Windstream, I don’t really. It’s dsl is slow and it’s a failing company relying on old customers for its support. If y...
  • Michael C Richards: Who is more likely to eventually make it to heaven, a low level Nazi or a Spectrum executive? My money's on the Nazi, his sins are in the past while ...
  • Damian Kumor: I used to live in Copley which is next to Fairlawn. I didn't even know they had that....
  • Tim: The same thing happened to me a few years ago when it was still TWC. Only then I think the fee was $25. I was able to call and have it taken off, I th...
  • YouForgotJohn_NotVandon: How many times do I need to mock your repetitive trolling comment?....sigh maybe your name is an acronym. Virtually Annoying Nag Droning On Neverendin...
  • NotKim: I'm not Kim, and I've never considered Granite Telecommunications. ...and I don't really care to either. Goooo AWAAAAAY!...

Your Account: