Remember one thing, and you'll avoid the latest Android malware scare

Ceria Alfonso
May 27, 2018

The reason you don't need to freak out is that nearly all the infected devices are uncertified - they don't run Google's version of Android. However, what do you do when the malware comes built-in on the device?

Avast Threat Labs said it has found adware pre-installed on several hundred different Android devices, including those from manufacturers like ZTE, Archos, and myPhone.

The adware is called Cosiloon, and it displays an ad over the webpage you might be loading in your browser. Cosiloon is extremely hard to remove because it is installed at the firmware level and uses strong obfuscation to avoid removal. Over 142 devices have been added to the list of affected models, with victims in over 90 countries - mostly in the UK, Russia, Italy, Germany, France, and Romania.

The cybersecurity company Avast has identified pre-installed Cosiloon adware in the firmware of about 100 current low-end Android smartphones. The adware distributes advertising through the browser and is installed on the assembly line of the devices.

It is not clear how the adware got onto the devices.

The phones concerned belong to manufacturers such as ZTE, Archos, Prestige, and myPhone, and are in all cases low-cost terminals that are not Google-certified, as revealed by a report published by Avast. After Avast contacted the company hosting the attacker's command and control server, an updated version of the malware was released on April 17, 2018.

As noted earlier, nearly all of the devices found with pre-installed malware were not certified by Google, as the installer was added by the manufacturer or carrier.

"Some anti-virus apps report the payloads, but the dropper will install them right back again and the dropper itself can't be removed, so the device will forever have a method allowing an unknown party to install any application they want on it", the report said. Avast Threat Labs has observed the dropper install adware on the devices; however, it could just as easily download spyware, ransomware or any other type of threat. "Together, we can ensure a safer mobile ecosystem for Android users". However, they were quickly restored using a different provider.

Researchers wrote that the whole assembly consists of the dropper and the payload. If you haven't bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.

"Users can find the [Cosiloon] dropper in their settings (named 'CrashService', 'ImeMess' or 'Termina' with generic Android icon), and can click the 'disable' button on the app's page, if available (depending on the Android version)".

Avast can detect and remove the payloads and they recommend following these instructions to disable the dropper.
