ransomware_malware_skull
  • Smartphone devices distributed by a U.S. government program come with malware installed by default.
  • The malware can fetch and install any application it wants without the user ever being notified or asked.
  • The particular malware cannot be removed from the phone, as it is part of the “Settings” application.

The “Lifeline Assistance” program in the U.S. is a government-funded initiative carried through the FCC, aiming to provide a means of communication for low-income consumers. Through this program, subscribers can enjoy a discounted telecommunications service, affordable broadband internet access, and a cheap but capable device. This is where the problems begin, as Malwarebytes reports that they have discovered an unremovable piece of malware that comes pre-installed on the program’s phones. The security company has actually followed user reports and bought a UMX U686CL device to check the validity of their claims. Unfortunately, they are now confirming the fears about the existence of malware in these inexpensive phones.

detection
Source: Malwarebytes Blog

The company is now publishing the details of their findings after allowing the program’s representatives plenty of time to respond and explain, something that they have failed to do. So, the malware app is “Wireless Update”, and as the name suggests this is the app that is used for the fetching of important updates on the device. The particular tool has the permissions required to fetch and install anything without needing the user’s approval or consent. Upon further investigation, Malwarebytes figured that this app is basically just a variant of Adups, a known Chinese data collecting malware.

The researchers monitored the activity of “Wireless Update” and reviewed the additional apps that it downloaded and installed on the device. From what they could deduce, none of the fetched apps were malicious, but they were all installed on the device without displaying any notifications to the user. This means that the app could very easily fetch malicious payloads and there would be nothing to stand on its way. The best part is that this malware app is indispensable to the device’s Settings, and it can’t be removed. If it’s removed by force, the phone will be rendered unusable.

UMX_Made
Source: Malwarebytes Blog

The UMX device doesn’t only contain Chinese malware, but it is also made in China. Whether or not the makers of the hardware know, or are involved in the planting of the malware app is unknown, but this could be the case. This goes to show that the FCC should be more careful with how they source the hardware and software for their programs, as they straight out introduced privacy and security risks for thousands of lower-income citizens in the United States. Pre-installed unremovable malware is becoming a common problem for many phones out there, and it’s something that doesn’t concern only the inexpensive devices that are less vigorously tested anyway. Just yesterday, we reported a similar story about Samsung phones, involving Chinese spyware that users can’t remove.