It’s no surprise that upon buying a new smartphone, you’re greeted with a handful of apps with some of them being useful and many of them installed as bloatware, which at most times are harmless. What we don’t know is that many cheap Android devices from lesser known brands come shipped with malware that brings with it several security risks.
According to antivirus vendor Avast, several thousand Android devices from over 140 models have come shipped with pre-loaded malware which has come to be known as “Cosiloon”. The adware has not only been found on lesser known brands but also on devices manufactured by ZTE and Archos, dating back to 2016 when it was first spotted.
Cosiloon, as reported by Avast, was not found on these devices as an app installed by the users but being pushed to these devices as part of a “dropper” program that was loaded into the firmware of the devices. With the malware thus embedded onto the device through the firmware itself, users were thus greeted with pop-up ads that annoyingly asked them to install a hideous app or another.
Avast said that the presence of this adware has been detected in over 18,000 devices. Having evolved through the years, Cosiloon is extremely hard to remove because of its deeper integration. The pop-up notifications will sometimes also display ads from Baidu, Facebook and Google overlaying on top of the homescreen or another app and placed in such a way that a user might accidentally click on it.
The antivirus company has identified that 142 different devices have been affected with more than 10 active users on each device or model. Though there are a few Archos and ZTE phones in the mix, most devices were from white labelled manufacturers which means, most of them won’t be running a certified version of Google’s mobile OS.
This means, not only are uncertified device allowed to run Google services, users will be notified of an error when installing Google apps manually onto these devices. Avast says not all devices of the same models have been affected and suggested that Cosiloon might be needed into devices through a mysterious hacker of sorts.
Avast has confirmed that it’s been in touch with Google for taking steps into the matter while the latter detects the different apps through which the adware shows up. The Mountain View company is also reaching out to OEMs to address and let them know about steps to prevent the adware from hitting any further devices. While Google Play Protect in certified Android devices will be enough to spot and disable Cosiloon, an antivirus might be helping a great deal to uninstall the adware when found.
This can also be another conscious thing to be concerned about when buying a cheap phone for yourself or your loved ones. Malware or not, allowing an unknown brand to make use of your personal and private information is certainly a bad idea.