It is commonly believed that a brand new handset is free from malware, adware and any other malicious software. But analysts Vojtech Bocek and Nikolaos Chrysaidos at Avast Threat Labs have shown this to be a myth.
Avast researchers have identified adware that has already affected thousands of Android device users worldwide within a month. According to their analysis, Android handsets manufactured by Archos and ZTE have pre-installed malware dubbed Cosiloon.
According to Avast’s blog post, this malware controls the device’s default browser to show an ad in an overlay format. Because the malware is installed at the firmware level, it is quite difficult to delete. It must be noted that a majority of the infected phones aren’t used in the US and aren’t certified by Google either. The handsets are powered by chipsets from Taiwan-based MediaTek.
Currently, several hundred handsets are infected, and the models and versions vary because they include devices from a variety of different manufacturers. Avast researchers revealed that the adware was previously identified by Russian security researchers at Dr. Web, who named it Cosiloon, and that it has been active for at least the past three years.
In the previous month alone, it infected thousands of devices, while the latest version of the adware has been identified on nearly 18,000 devices owned by Avast users. A majority of these users are located in Germany, Italy, Russia and the UK, and only a fraction of them are in the US. Therefore, it cannot be stated that Cosiloon is not found in the US. The malware has infected devices in more than 100 countries.
List of infected devices identified by Dr. Web:
MegaFon Login 4 LTE, Irbis TZ85, Irbis TX97, Irbis TZ43, Bravis NB85, Bravis NB105, SUPRA M72KG, SUPRA M729G, SUPRA V2N10, Pixus Touch 7.85 3G, Itell K3300, General Satellite GS700, Digma Plane 9.7 3G, Nomi C07000, Prestigio MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Optima 10.1 3G TT1040MG, Marshal ME-711, 7 MID, Explay Imperium 8, Perfeo 9032_3G, Ritmix RMD-1121, Oysters T72HM 3G, Irbis tz70, Irbis tz56, Jeka JK103
The full list of infected devices is available here.
When Google was notified about the adware, the company responded quickly and greatly reduced Cosiloon’s capabilities on some of the models. Google Play Protect has also been updated, and Google is in contact with developers to get further information on the problem and to combat the malware.
Update:
Previously, Avast had added myPhone to the list; however, it has since been removed. According to an email sent by myPhone to HackRead, “It turned out that there was a mistake. Avast removed myPhone from the text.”