
2 Unremovable Malware Found on Unimax U686CL

Uh oh! It looks like there might be a problem with some low-end smartphones that were sold through a government-subsidized program. As discovered by Malwarebytes, a security firm, some of these devices contained unremovable malware.

More specifically, the issue affected Unimax U686CL smartphones. These devices were sold by Assurance Wireless, a wireless service provider owned by the Virgin Mobile Group. In turn, the telco sold these devices under Lifeline, a government-funded program that gave low-income Americans cell phone service. The smartphone was manufactured in China.

According to the security firm, there were plenty of complaints coming from "users with a government-issued phone". The users all reported that a few of the pre-installed apps on their devices were malicious. These complaints came in the later part of 2019.

As a way of verifying the issue, the security firm purchased the same device and analyzed it. From there, they were able to verify that there was, indeed, unremovable malware on some pre-installed apps. One of the discoveries made by the company was that one of the components of the phone contained the Adups malware. They found this on an app called Wireless Update.

This malware was first discovered by Kryptowire in 2017. It was found to be a malicious firmware component created by a Chinese company of the same name. The company provided a firmware-over-the-air (FOTA) update system to smartphone manufacturers and firmware sellers. It was originally intended as a way for firmware vendors to update the code. But it was discovered that the company was able to use the component to send out updates to users' phones, bypassing both the vendors and the users.

Malwarebytes discovered that this component was present in the UMX devices. They also found out that the component was being used for apps to be installed without the knowledge of the user.

"From the moment you log into the mobile device (the UMX U686CL), Wireless Update starts auto-installing apps. To repeat: there is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own."

Even though the apps being installed are clean and free of malware, it's still scary to think that users are not being notified of any updates. What's even worse is that the component does not require permission to start installing apps. This alone poses a security risk, since the devices could be compromised in the future.

Unfortunately, this is not the only dangerous component that Malwarebytes discovered on the device. In addition to the Adups malware, the researchers found suspicious code in the Settings app of the phone.

The app contained a strain of heavily obfuscated malware that the researchers believed to have originated from China due to the usage of Chinese characters as variable names. They found that the malware was coded to function as a dropper for a second-stage malware payload, better known as HiddenAds.

At this point, it is still unclear who is running the malware. The researchers at Malwarebytes are still unsure if Unimax was responsible for adding the malware to the devices. It's also likely that the malware was added by third-party groups who were involved in the supply chain of the device.

Despite the discovery of these two pieces of malware, Malwarebytes says that the device "is not a bad phone." The presence of these infected apps, however, makes it worthless and dangerous to those using it. And the fact that these malicious apps are unremovable makes it all the more risky to use. There is an option to disable and uninstall the Wireless Update app, but doing so could mean that the device misses out on important security updates.

According to the security firm, it has already disclosed its findings to Assurance Wireless but has still not received a response.

Source: Ars Technica 
