The Unimax UMX U686CL, a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile, has been found to come pre-loaded with two malicious applications.
Malwarebytes researchers found that the malware every owner finds on their phone is Wireless Update and, amazingly, the device’s own Settings app. Neither can be removed from the phone, or it will not operate properly.
Nathan Collier, Malwarebytes senior malware intelligence analyst, said Settings functions as a heavily obfuscated trojan dropper detected as Android/Trojan.Dropper.Agent.UMX. After being installed, one of the first pieces of malware dropped is HiddenAds.
The Malwarebytes team was able to witness this first-hand, as the UMX U686CL it bought as a test bed was soon infected with HiddenAd adware. Malwarebytes reported that the adware runs silently in the background and creates no icon, and that the only way to tell it is functioning is through the device’s notification bar area. Unlike a typical notification, it cannot be turned off or removed by swiping; instead, an uninstall process must be undertaken.
“If you press and hold the notification, it will give the option to go to MORE SETTINGS. After clicking MORE SETTINGS, it will take you to the app’s notification settings. From there, press the app’s icon at the top. Lastly, it will take you to the app’s App info, where you can uninstall,” wrote Collier.
HiddenAd has been operating in the wild since spring 2019, but reports of malicious activity began climbing in October 2019.
Wireless Update is the device’s primary method of receiving operating system updates, but Collier noted it also has the ability to auto-install apps without the user’s permissio ..