Thousands of cheap Android smartphones are being sold to customers with malware already installed, a new report has claimed.
Cybersecurity firm Avast has said that it found adware, dubbed Cosiloon, preloaded on several hundred different Android device models and versions, including on devices from brands such as ZTE, Archos, Prestigio and Medicom.
The security experts said the malware had been discovered on more than 18,000 phones used on sale in more than 90 countries, including the UK, German, US, Italy, Russia and Thailand.
The adware works by creating an annoying overlay that displays ads whenever the user tries to access a webpage.
Avast, which has reported its findings to Google said the devices were mainly found on cheap Android smartphones that had not been officially certified by the tech giant.
In a blog post, Avast said: “Several hundred different devices are affected.
“The affected devices usually sport a Mediatek chipset and are mostly low cost tablets.”
“The list [of affected devices]is likely so extensive because the malware was part of a chipset platform package which is reused for many similar devices with different brand names.
“We cross-checked many, but not all of the devices, and noticed that the chipset on the devices we inspected was from MediaTek. The devices run different Android versions ranging from 4.2 to 6.0.”
Devices certified by Google to run its Android operating system will include Google Play Protect malware scanning feature which will be able to identify and remove the Cosiloon adware.
Other anti virus apps should also be able to neutralize the threat from Cosiloon.
“Some antivirus apps report the payloads, sure, but the dropper will install them right back again and the dropper itself can’t be removed, so the device will forever have a method allowing an unknown party to install any application they want on it,” Avast added.
“We have seen the dropper install adware on the devices, however, it could easily also download spyware, ransomware or any other type of threat.”
“Avast Mobile Security can detect and uninstall the payload, but it cannot acquire the permissions required to disable the dropper, so Google Play Protect has to do the heavy lifting,” the firm said.
Avast’s findings should act as a warning to people who by cheap Android smartphones from lesser known manufacturers.
While many affordable Android handsets plenty others are not. When purchasing a new smartphone always do your research and opt for reputable and well known manufacturers.