Mobile

5/25/2018
02:40 PM
100%
0%

Android Malware Comes Baked into Some New Tablets, Phones

Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.

Malware could be one of the features of your fancy new Android tablet. According to researchers at Avast, this malware isn't just pre-loaded: it's fully baked in.

Some phones and tablets from ZTE, Archos, and myPhone are coming with malware called Cosiloon pre-installed. It's an ad loader, and while it loads ads rather than steals information, it's also impossible to fully eradicate since it's built into the firmware of the infected devices.

There are two "dropper" apps that load ads over Web pages or games. One of the droppers is built into the firmware of the devices while the other is completely integrated into the operating system. Once active, they download ad presentation software that is highly sophisticated and thoroughly obfuscated, making the entire operation impossible to eradicate and very difficult to mitigate.

Avast found the malware on more than 18,000 devices in more than 100 countries. Most of the devices affected are not certified by Google, which is looking into remedies. Google said that as long as the malware is built into the firmware, there's really very little it can do.

For more, read here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ebyjeeby
50%
50%
ebyjeeby,
User Rank: Strategist
5/30/2018 | 7:18:15 PM
Google can't do anything about it?
stop licensing the OS to them
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/30/2018 | 7:09:26 PM
18K devices
Avast found the malware on more than 18,000 devices in more than 100 countries. It does no seems that many devices. But too many countries obviously.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/30/2018 | 7:07:50 PM
dropper
There are two "dropper" apps that load ads over Web pages or games. One of the droppers is built into the firmware of the devices while the other is completely integrated into the operating system Maybe Android should nor this much open, obviously they can do whatever they want in the OS level.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/30/2018 | 7:04:34 PM
Re: Recall/Return
So much so that if a recall hasn't been offered I would look towards returning the device Good advice. No need to deal with firmware problems, there are tons of good devices.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/30/2018 | 7:02:23 PM
Re: Recall/Return
As an Android user I would be extremely perturbed at baking this into the firmware. Agree. Firmware is hard to deal with. Why dont we go with Google devices, pixcel seems great.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
5/30/2018 | 7:00:22 PM
ZTE?
ZTE again. We keep hearing this name a lot these days. :))
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/29/2018 | 9:07:02 AM
Recall/Return
As an Android user I would be extremely perturbed at baking this into the firmware. So much so that if a recall hasn't been offered I would look towards returning the device. It's unacceptable.
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19186
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.
CVE-2018-19187
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.
CVE-2018-19188
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter.
CVE-2018-19189
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement.
CVE-2018-19190
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter.