Android devices being shipped with pre-installed malware: Avast

By IANS | Published on 25 May 2018
Android devices being shipped with pre-installed malware: Avast

Avast has found an adware named "Cosiloon" installed on hundreds of Android devices. This malware hijacks the browser on a device to create ad overlays, says Avast.


IBM Developer Contest

Take the quiz to test your coding skills and stand a chance to win exciting vouchers and prizes upto Rs.10000

Click here to know more

Thousands of Android devices, including those from manufacturers like ZTE, Archos and myPhone, are being shipped with pre-installed malware globally including in India, global cyber-security company Avast claimed on Friday. A majority of these Android devices are not certified by Google and carry an adware that goes by the name "Cosiloon", which creates an overlay to display an advertisement over a webpage within the user's browser, as per a report prepared by Avast Threat Labs. It also said that it has found such adware pre-installed on hundreds of Android models.

"Thousands of users are affected and in the past month alone, Avast Threat Labs has seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries, including Russia, Italy, Germany, India, Mexico, the UK as well as some users in the US," the company said in a statement.

The adware which was previously described by Dr Web (a Russian IT-security solutions vendor) has been active for at least three years and is difficult to remove as it is installed at the firmware level and uses strong obfuscation. The Avast Threat Labs said it was in touch with tech giant Google and the latter has taken steps to mitigate the malicious capabilities of many app variants on several models, using internally developed techniques. Google has reached out to firmware developers to bring awareness to these concerns and encouraged them to take steps to address the issue, it added.

"Malicious apps can, unfortunately, be installed on firmware level before they are shipped to customers, probably without the manufacturer's knowledge," said Nikolaos Chrysaidos, Head of Mobile Threat Intelligence and Security at Avast.

According to the report, it is not clear how the adware got onto the devices. The malware authors kept updating the control server with new payloads. Manufacturers also continued to ship new devices with the pre-installed dropper. 

"Some anti-virus apps report the payloads, but the dropper will install them right back again and the dropper itself can't be removed, so the device will forever have a method allowing an unknown party to install any application they want on it," the report informed. 

Users can find the dropper in their settings (named "CrashService", "ImeMess" or "Terminal" with generic Android icon), and can click the "disable" button on the app's page, if available (depending on the Android version). 

This will deactivate the dropper and once Avast removes the payload, it will not return again, the company says.


Indo-Asian News Service

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status