Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

7/8/2020
04:55 PM
100%
0%

More Malware Found Preinstalled on Government Smartphones

Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.

Another Android smartphone provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile comes with malware preinstalled, Malwarebytes researchers report. 

This marks the second time this year researchers found malware preinstalled on government-funded phones. Back in January, Malwarebytes discovered unremovable Chinese malware on the Unimax U683CL, the cheapest smartphone offered by the Lifelife Assistance program. Lifeline is supported by the federal Universal Service Fund, a government program launched in 1985 to provide discounted phone service to low-income households.

Following the first disclosure, Malwarebytes heard from customers whose phones exhibited similar behavior. Further research revealed another smartphone with preinstalled malware.

This time, the affected model is an American Network Solutions (ANS) UL40 running Android OS 7.1.1. While it's unclear whether this phone is currently available via Assurance Wireless, the researchers note its user manual is still on the Assurance Wireless website. Based on this, it assumes the phone is still available and warns some ANS UL40 customers may still be affected.

Like the UMX U683CL, the ANS UL40 comes with a compromised Settings app and Wireless Update app. Researchers say the two models don't have the same malware variants, though the infections are similar. The ANS UL40 comes with Android/Trojan.Downloader.Wotby.SEK. Its Settings app is able to download apps from a third-party app store, which researchers note is "unsettling" but say the apps from this store appear to be malware-free. That said, it's important to keep in mind that malware could still potentially be uploaded at a later date.

WirelessUpdate is classified as a Potentially Unwanted Program (PUP) riskware auto-installer, which is able to automatically install applications without the user's consent or knowledge. The app's main function is to facilitate security patches and operating system updates; however, researchers found it auto-installed four different variants of HiddenAds on the ANS UL40.

Read more details here.

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.