What to Do If Malware Appears on Your Budget Android Phone
There is nothing wrong with sending the US government’s ” Bridge of Life ” aid program. This allows those on substantially low incomes – 135 percent or less than the Federal Poverty Ratio, or less than $ 16,862 for a single family – to receive discounted or free phones and wireless services.
However, having malware pre-installed on one of the phones on offer is a big problem. At least that’s a claim from MalwareBytes, which has noticed some problems with apps pre-installed on one such phone, the Unimax U686CL sold by Virgin Mobile’s Assurance Wireless . Here ‘s what he found :
“The first questionable application found on the UMX U686CL is an updater called Wireless Update. Yes, it can update mobile device. In fact, this is the only way to update the operating system (OS) of a mobile device. Conversely, it can also automatically install applications without the user’s consent.
So we define this app as Android / PUP.Riskware.Autoins.Fota.fbcvd, the name of the detection that Malwarebytes for Android users should be familiar with. That’s because the app is actually a variant of Adups, a Chinese company that collects user data, builds backdoors for mobile devices and, yes, develops automatic installers. “
And that’s not all. The second app found on the smartphone – its own Settings app, no less – was actually a Trojan dropper that MalwareBytes classifies as “Android / Trojan.Dropper.Agent.UMX”. As soon as it boots up, it drops a second malware on users’ phones (the third of all, if we think), which then fills your device with annoying ads. Fun.
Assurance Wireless told ZDNet in a statement that they are “aware of this issue and are contacting the manufacturer of the Unimax device to find out the root cause, but after our initial testing, we do not believe the applications described in the media are malware. “
It’s easy to fix, right?
Here’s the worst news: In this case, there is nothing you can do about these pre-installed problems. You could theoretically get rid of the Wireless updates app, but then the device won’t receive updates and that’s security (and features) an issue in and of itself. Delete the settings, and even I’m not sure what will happen to your phone. I suspect it will fail.
Malwarebytes offers some Frankenstein-like solutions in which you try to remove the offending application and replace it with a clean, identical version of the same application. This is a lot of work with no guarantee of success; So much so that even Malwarebytes admits that the best way to deal with the pre-installed malware on your smartphone is to simply avoid smartphones with these problems.
However, this is easier said than done. If you have used the UMX U686CL, then you are already infected. It is unclear what additional malicious apps, if any, were downloaded to your device, but I highly recommend that you download important data elsewhere – on a connected computer or into the cloud – and reset your phone to factory settings. After that, return it to where you bought it. If this is not possible, dispose of it and buy something else.
If you buy another budget smartphone …
Should you buy another budget phone? You can of course; however, Malwarebytes notes that more and more budget Android devices have been popping up with malware preinstalled lately. One or two quick searches are enough to find many more posts about this practice.
If you choose a different one, you should install the Malwarebytes Android app and see if it finds anything – don’t jump for the unnecessary premium package if you’re trying to troubleshoot pre-installed issues. Otherwise, I recommend setting a Google alert for your smartphone model (eg “UMX U686CL”) so that you can get a quick notification if or when someone detects a problem on your device.
And, as always, if you spot something fishy on your phone – strangely named apps that didn’t exist before, new advertisements popping up out of nowhere, and the like – chances are good that you have a malware problem. You might want to do more investigation, resist the urge to give your device more personal information (like social security number or credit card information), and maybe start shopping for another smartphone.