#cybersecurity | hacker | Federally funded Unimax smartphone pre-loaded with malware

The Unimax UMX U686CL, a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile, has been found to come pre-loaded with two malicious applications.


Malwarebytes researchers found that the malware every owner finds on their phone is Wireless Update and, amazingly, the device’s own Settings app, neither of which can be removed from the phone, or it will not operate properly.


Nathan Collier, Malwarebytes senior malware intelligence analyst, said Settings functions as a heavily obfuscated trojan dropper detected as Android/Trojan.Dropper.Agent.UMX. After being installed, one of the first pieces of malware dropped is HiddenAds.


The Malwarebytes team was able to witness this first-hand, as the UMX U686CL it bought as a testbed was soon infected with HiddenAd adware. Malwarebytes reported that the adware runs silently in the background and creates no icon, and the only way to tell it is functioning is through the device’s notification bar area. Unlike a typical notification, it cannot be turned off or removed by swiping; instead, an uninstall process must be undertaken.


“If you press and hold the notification, it will give the option to go to MORE SETTINGS. After clicking MORE SETTINGS, it will take you to the app’s notification settings. From there, press the app’s icon at the top. Lastly, it will take you to the app’s App info, where you can uninstall,” wrote Collier.


HiddenAd has been operating in the wild since spring 2019, but reports of malicious activity began climbing in October 2019.


Wireless Update is the device’s primary method of receiving operating system updates, but Collier noted it also has the ability to auto-install apps without the user’s permission, something it begins to do immediately upon activation.


Wireless Update is a variant of the previously known Adups, a Chinese company that has been caught collecting data and installing auto-installers.