Entry-level Chinese Android smartphones were infected with malware during assembly at the factory, a BuzzFeed News investigation found. Several low-cost models of the Tecno W2 brand hide malware capable of subscribing users to paid online services without their knowledge.
In partnership with Secure-D, a firm dedicated to IT security, BuzzFeed News has lifted the veil on the presence of two pieces of Android malware preinstalled on Tecno W2 smartphones. Originally from China, the brand is intended for developing countries. Aimed at the entry level, Tecno W2 phones are especially popular in African countries such as Senegal, Egypt and Benin.
Triada and xHelper, two ultra-dangerous pieces of Android malware
Upon investigation, Secure-D discovered two pieces of malware, Triada and xHelper, on certain phones marketed by Tecno W2. Active since 2016, Triada is designed to siphon user data, steal bank details and subscribe users to premium online services. In the past, unscrupulous developers have installed Triada on smartphones from low-cost manufacturers like LEAGOO and Nomu right from assembly at the factory. The malware was injected by third parties during the installation of Android.
For its part, xHelper is even more dangerous. Impossible to remove, the Trojan is able to reinstall itself automatically without the knowledge of its victims. It is mainly designed to display intrusive advertisements on the screen. To go unnoticed, xHelper removes its shortcut icon from the smartphone screens of its victims. Most antiviruses on the market cannot detect the presence of the malware.
Transsion, parent company of Tecno W2, accuses an unidentified independent developer
Asked by BuzzFeed, Transsion Holdings, parent company of Tecno W2, points to an “unidentified supplier in the supply chain process”. To develop their Android overlays, many low-cost Chinese companies use third-party developers. Unlike brands like Xiaomi or OnePlus, these companies do not have the means to code their overlays in-house.
Sometimes, developers embed malware in order to generate income. In most cases, manufacturers are not aware of the actions of their service providers. These independent developers offer their services at a discount, according to the investigation. They know that the preinstalled malware will earn them more money than the contract with the manufacturer.
“We have always attached great importance to the security of consumer data and product safety. Every software installed on every device goes through a series of rigorous security checks, such as our own security scanning platform, including Google Play Protect, GMS BTS and VirusTotal test,” says the Chinese group. Transsion also asserts that it has not collected the fraudulent income generated by the malware. Moreover, the group claims to have deployed patches to remove the malware from affected units.
A danger for the poorest users
This is not the first time that preinstalled malware has been identified by researchers. In early 2018, dangerous malware was spotted in 40 Android smartphones, including phones designed by Doogee or Leagoo. In 2016, 28 smartphone models fell victim to a trojan preinstalled during assembly. According to Secure-D, preinstalled malware is also hiding in handsets sold by Alcatel (and manufactured by TCL) in Brazil and Nigeria. More recently, Google discovered preinstalled malware on 7.4 million Android smartphones. Preinstalled malware has been on the rise in recent years, according to security experts at Google. “If you are able to infiltrate the supply chain from the start, you infect as many users as the number of devices sold,” explains the Mountain View firm.
Ultimately, malware hidden during assembly mainly targets the poorest populations. “You get all of these great features on the cheap, but there is a hidden cost. There are many Chinese phones with malware installed in Africa,” said Kenneth Adu-Amanfoh, head of Africa Cybersecurity and Digital Rights Organization, an NGO dedicated to the protection of African Internet users. As the saying goes, if it’s free (or really cheap), you’re the product.