The company Transsion admitted that the equipment has a security flaw. The malicious software makes unauthorized purchases and subscriptions and consumes mobile data.
A model of a cell phone made in China has malicious software that steals money from its users. It is the low-cost Tecno W2 equipment from the manufacturer Transsion, which has a wide distribution in Africa and Southeast Asia.
The device costs USD 30 and is in the smartphone category as it uses Android 6.0, has an 8 MP camera, and a 1.3 GHz quad-core processor. The problem is that it comes from the factory with the Triada and xHelper Trojans, which make unauthorized purchases and subscriptions, consume mobile data, and generate invasive advertising.
The malicious actions would raise funds that would go into the hands of whoever controls the program, according to a study that the mobile security firm Secure-D and the BuzzFeed medium conducted. The company Transsion is not very well-known in America and Europe, but it is the fourth largest cell phone manufacturer in the world, after Apple, Samsung, and Huawei. Their main market is in developing countries, where they can offer low-cost cell phones.
Malware and Security Flaw
Even though Transsion admitted the security flaw of the cell phone, it held responsible for a “vendor” (supplier) in the supply chain process, which it did not identify.
“We have always attached great importance to the security of consumer data and the safety of products. Every software that we install on every device goes through a series of rigorous security checks, such as our security scanning platform, Google Play Protect, GMS BTS, and the VirusTotal test,” said the company.
The total number of infected cell phones traded was unclear, but Secure-D blocked around 844,000 transactions related to the pre-installed malware between March and December 2019. The people who have bought the cell phone are from countries that include South Africa, Ethiopia, Cameroon, Egypt, Ghana, Indonesia, and Myanmar.
What happened regarding the malware installed on the low-cost cell phones takes on another dimension, since it involves users facing adverse financial situations. “The poor are becoming even poorer. People are starving,” said one of those affected, identified as Mxolosi.
Some analysts consider that the malware has entered a dormant stage. However, they emphasized that it is not certain that the software has disappeared as there are still devices that have not been activated.
No one knows either whether the malware is capable of stealing cryptocurrencies like Bitcoin through the replacement of addresses copied to the clipboard. These types of malicious actions, known as clipboard hijackers, represent one of the most common malware programs used to steal Bitcoin and cryptocurrencies.
Last year, the first malware of its kind was detected in the Google Play Store for Android devices. This class of malicious programs, also known as “clipper”, intercepts addresses that then changes to other addresses of the attacker.
Users who want a new cell phone should ensure that it has no flaws that put their data at risk. They should also learn about new developments that help them safeguard their cryptocurrencies more effectively.
By Alexander Salazar
