IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FCC is supplying malware-loaded phones to low-income users

Budget handsets are pre-installed with malicious apps that leak data to Chinese hackers, report finds

A federal programme supplying cheap mobile phones to low-income US citizens has been accidentally selling handsets loaded with Chinese malware that can’t be removed.

The UMX U686CL handset, available at just $35 under the FCC’s Lifeline Assistance programme, is being distributed with pre-loaded software that creates backdoors that could potentially leak user data.

The UMX handsets, distributed through Virgin Mobile’s Assurance Wireless scheme, are bundled with an app called ‘Wireless Update’. Researchers discovered this is an offshoot of Adups, a Chinese firm known for harvesting user data and building auto-installers.

Wireless Update, incidentally, is the only way users can update the handset’s operating system.

The phone’s own Settings app, too, functions as a cleverly disguised piece of malware that cannot be removed or else the devices becomes entirely unusable. 

“Pre-installed malware continues to be a scourge for users of mobile devices,” said senior malware intelligence analyst with Malwarebytes, Nathan Collier. 

“But now that there’s a mobile device available for purchase through a US government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behaviour by app development companies.”

“Budget should not dictate whether a user can remain safe on his or her mobile device.”

Phone manufacturers paying to install pre-loaded apps containing potentially harmful code is a worrying trend, increasingly highlighted by security experts.

Researchers highlighted their concerns in a paper last year, identifying variants of well-known malware families loaded into pre-installed apps supplied in predominately low-end range phones. 

Malwarebytes was first alerted to complaints around government-issued phones from its users in October 2019, before purchasing a UMX U686CL to investigate further.

After learning that Wireless Update was flagged with a malicious detection name, Malwarebytes informed Virgin’s Assurance Wireless scheme of the potential dangers - but did not hear back.

Wireless Update begins auto-installing apps the moment users sign into their device but doesn’t ask users for consent for any installations. While the app installs are initially malware-free, the apps are added with no notifications or attempts to seek user consent.

This arrangement, researchers argue, opens the door for malware to be unknowingly installed in future updates to any of the apps automatically added by Wireless Update.

To compound the issue, the malicious Settings app serves as the dashboard from which the phone’s settings are changed, and cannot be removed without bricking these devices. The malware also shares characteristics with other known Trojans.

The Settings app contains a string within its code that, when decoded, revealed a hidden library file. When activated, this is loaded into the device’s memory before dropping a further piece of malware known as HiddenAds.

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

Collier added there’s currently no way to uninstall pre-installed apps on devices like the UMX, and doing so, in any case, would lead to dire consequences for usability.

Uninstalling Wireless Update, for example, could lead users to miss out on critical operating system patches, given it’s the only way to update the phone’s software. Removing Settings, meanwhile, would brick the phone entirely.

Although the UMX situation adds a unique dimension to phones that come with pre-installed malware, given these are supplied by the US government, it’s not entirely uncommon.

Research published in 2017 showed a plethora of Android devices, from device makers including Samsung, LG, Asus, Opp, and Xiaomi, among others, were packaged and sold with pre-installed malware.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022