Some Chinese smartphones are shipping with malware that aims to steal your money

Update: August 25, 2020, 1:40 PM: We had reached out to Tecno for a statement on the issue and this article has been updated to reflect that statement.

According to Secure-D and BuzzFeed News, the low-cost Tecno W2 smartphone has shipped with a malware that subscribes to paid services to steal the user’s money. The budget smartphone sells in African countries like Egypt, Ghana, and South Africa along with Indonesia and Myanmar.

The malware in question here is the Triada and xHelper software. It silently downloads and subscribes to apps which are paid services. This causes the user to have not only high bills but high consumption of data as well. The thing is, this budget smartphone is attractive to the poorer section of society, those looking for budget smartphone offerings. The biggest downside is that this malware cannot be removed even by factory resetting the smartphone. 

According to Android Authority, “Transsion, the China-based company behind the Tecno brand, has pinned the malware on an unnamed “vendor in the supply chain process.” It said that it delivered fixes for Triada in March 2018 and xHelper in late 2019. However, the issue doesn’t appear to have gone away. Secure-D said it was still blocking Triada and xHelper on Transsion phones through April 2020, and it may simply be dormant”.

This isn’t the first time the malware has made an appearance. According to Secure-D, the pre-installed malware was previously discovered on Alcatel phones made by TCL in markets like Brazil, Malaysia, and Nigeria.

Kenneth Adu-Amanfoh, the executive director of the Africa Cybersecurity and Digital Rights Organization told BuzzFeed, “You have all these wonderful features for cheap, but there is a hidden cost. There are a lot of Chinese phones that have malware installed on it.”

According to the BuzzFeed report, “People in the United States are also being exploited. Earlier this year, Malwarebytes, a security service, found preinstalled malware of Chinese origin in two phones offered to citizens with low incomes as part of the US government’s Lifeline program, which provides subsidized phones and mobile data. Both phones were made by Chinese companies.”

In case you were wondering how severe the malware is, the security firm Secure-D has “blocked 844,000 transactions connected to preinstalled malware on Transsion phones between March and December 2019”.

We reached out to Tecno mobiles for a statement on the issue and here is what they had to say. The statement reads, "After a thorough investigation, it was identified that Triada was an old and solved mobile security issue globally, and the fix/solution to the W2 Triada problem was released to all consumers on March 20th 2018. TECNO identified the Triada issue back on March 1st 2018 with a certain version of W2 as the only infected W2 devices across all series of TECNO mobile phones. At the initial time of detecting the issue, we put together a security team to work on the solution, and released the first official OTA fix to consumers on March 20th 2018 with rigorous system tests and GMS test set out by Google. By April 30th, 2018, the official OTA fixes adapted for different versions of W2 devices were released, assuring that the problem was fixed once the consumer accepted the system update by installing the fix. For current W2 consumers that are potentially facing Triada issue now, they are highly recommended to download the OTA fix through their phone for installation, or contact TECNO’s after-sales service support for assistance if any questions".

The statement goes on to say, "At TECNO, we have always attached great importance to consumers’ data security and products safety. Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS and VirusTotal test. In addition, a 90-day security patch update is periodically delivered to TECNO consumers to ensure that the security of our products and protection of consumers’ devices from malware infection aren’t compromised".

"About xHelper, whose behaviour was similar to Triada, was a separate global mobile security issue firstly appeared in 2019. We have deployed professional security tools such as GMS BTS and VirusTotal to detect the xHelper issue since last November. All TECNOs new product releases and software maintenance releases for old products must go through the test. No reports of xHelper have ever been detected since then" the statement concludes. 

Due to the ongoing pandemic, everyone is resorting to staying indoors and this has led to educational institutes and offices move to a study from home and work from home model. The lower-income group of society has resorted to budget smartphones to ensure they can stay connected and their children can participate in online classes. 

Chinese brand Huawei is under scrutiny for spying and the world is moving towards banning TikTok for security reasons. In India, local manufacturing is looking to ramp up as local consumers have an anti-China sentiment due to the recent tensions on the border. Brands like Micromax are looking to make a comeback in India while Apple is not only beginning the production of the iPhone SE 2020 in India but also looking to Assemble its upcoming iPhone 12 in India by the middle of 2021.

Follow Us

Sameer Mitha

Sameer Mitha lives for gaming and technology is his muse. When he isn’t busy playing with gadgets or video games he delves into the world of fantasy novels. View Full Profile