Cheap Chinese smartphones were caught stealing money and data from users around the world
Pre-installed malware on low-cost Chinese phones steals data and money from users in developing countries. For example, the Tecno W2 smartphone sells in some regions for as little as $30, much cheaper than comparable models from Samsung, Nokia, or Huawei. But that low price has unpleasant consequences.
The Chinese company Transsion produces smartphones and conventional cell phones for developing countries under the Tecno brand and others. Since launching its first handset in 2014, the company has become the leader in phone sales in Africa, overtaking previous leaders Samsung and Nokia.
But success can come with a price. Users in Africa, Ethiopia, Cameroon, Egypt, Ghana, Indonesia, and Myanmar have complained that pop-up ads on the Tecno W2 interrupted calls and chats and that their mobile account balance was mysteriously spent, and there have also been reports of paid subscriptions to unknown apps. An investigation by Secure-D, a mobile security service, showed that none of this was accidental. The smartphones were infected out of the box with xHelper and Triada, malware that secretly downloaded applications and signed people up for paid services without their knowledge.
Secure-D, which some mobile operators use to protect their networks and customers from fraudulent transactions, blocked 844,000 transactions involving pre-installed malware on Transsion phones between March and December 2019. Secure-D Managing Director Geoffrey Cleaves told BuzzFeed News that user data has been actively used in attempts to automatically subscribe users to paid services. “For example, in Africa, Transsion devices generate 4% of user traffic, while smartphones account for more than 18% of all suspicious transactions,” said Mr. Cleaves.
This is another example of what can happen when people try to save money by buying a device from a little-known brand. Cheap Chinese smartphones often come with preinstalled malware that charges a kind of tax. Meanwhile, a Transsion spokesman told BuzzFeed News that the hidden programs Triada and xHelper appeared on the company’s phones because of some unknown link in the supply chain.
“We always attach great importance to the safety of consumer data and product safety,” the company said. “Every piece of software installed on a device goes through a series of rigorous security checks, such as our proprietary security scanning platform, Google Play Protect, GMS BTS, and the VirusTotal test.” A company spokesperson added that Transsion did not benefit from the malware and declined to disclose how many mobile phones were infected.
Although largely unknown outside developing countries, Transsion is the fourth-largest mobile phone manufacturer in the world after Apple, Samsung, and Huawei, and is the only leading manufacturer focused exclusively on emerging markets.
The need to keep costs down opens the door to malware and other vulnerabilities. “Fraudsters can take advantage of the consumer’s desire to buy a device at the lowest price by offering their hardware or software services even below cost, knowing they can then recover costs through fraud,” said Geoffrey Cleaves.
Secure-D previously detected pre-installed malware on Alcatel-branded phones made by the Chinese mobile phone manufacturer TCL Communication in Brazil, Malaysia, and Nigeria. It also investigated how Chinese malware pre-installed on cheap smartphones in Brazil and Myanmar robbed users through fraudulent transactions.
Similar schemes operate not only in developing countries but also in the United States. This year, the security firm Malwarebytes found preinstalled Chinese-based malware on two phones offered to low-income citizens as part of the US government’s Lifeline program, which provides subsidized phones and discounted traffic. Both phones were manufactured by Chinese companies.
Nathan Collier, the senior mobile malware analyst at Malwarebytes, said cheap Chinese smartphones often pose security threats to people around the world. “We run into the same story over and over again where a cheap Chinese phone with Chinese malware ends up in the hands of people who can’t afford a more expensive phone,” he said. “It’s disgusting and unpleasant to pre-install malware on a phone before a consumer purchases it.”
Mr. Collier researched Triada and xHelper and said it was the first malware in his practice that remains operational even after a factory reset. Transsion said it released a patch against Triada in March 2018 after reports revealed the presence of the software on W2 smartphones. The company also added that it released a fix for xHelper in late 2019. In both cases, phone owners had to manually download the fixes and update their phones.
Secure-D continues to block transactions from Transsion phones, but to a much lesser extent. Experts believe that xHelper has entered a stage of inactivity and is dormant on millions of devices, while attackers are simply waiting for the opportunity to strike again.