Chinese phones with built-in malware sold in Africa


Tecno W2

Image copyright
Tecno

Image caption

Thousands of Tecno W2 smartphones were found to contain malware

Malware which signed users up to subscription services without their permission has been found on thousands of mobiles sold in Africa.

Anti-fraud firm Upstream found the malicious code on 53,000 Tecno handsets, sold in Ethiopia, Cameroon, Egypt, Ghana and South Africa.

Manufacturer Transsion told Buzzfeed it was installed in the supply chain without its knowledge.

Upstream said it was taking advantage of the “most vulnerable”.

“The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against,” said Geoffrey Cleaves, head of Upstream’s Secure-D platform.

The Triada malware found by the firm on the Android smartphones installs malicious code known as xHelper which then finds subscription services and submits fraudulent requests on behalf of users, doing so invisibly and without the user’s knowledge.

If the request is successful, it consumes pre-paid airtime, the only way to pay for digital services in many developing countries.

In total, Upstream found what it described as “suspicious activity” on more than 200,000 Tecno smartphones.

According to research firm IDC, Transsion Holdings is one of China’s leading phone manufacturers and in Africa it is the top-selling mobile manufacturer.

The BBC contacted the firm for a statement but did not receive a response.

It told Buzzfeed that it was unaware that the malware was on its smartphones, blaming an unidentified vendor “in the supply chain process”.

On its website it writes: “Each link of the supply chain is crucial to ensure high quality products,” adding that it has “strict quality standards and rigorous criteria for suppliers”.

Common problem

At the beginning of the year, security firm Malwarebytes warned that similar pre-installed apps were found on another Chinese Android phone – the UMX U686CL. This handset was offered to low-income families in the US via a government scheme.

And in 2016, researcher Ryan Johnson found that more than 700 million Android smartphones had malware installed.

Google, which developed the Android operating system, is aware of the issue.

In a blog written last year it blamed third-party vendors, used by manufacturers to install features such as face unlock, for pre-installing Triada malware.

It said it had worked with manufacturers to remove the threat from devices.



Source link

Share this:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related

Jawar Mohammed: Top Ethiopia opposition figure ‘proud’ of terror charge

image copyrightAFP image captionJawar Mohammed returned from exile in the US in 2018 Leading Ethiopian opposition figure Jawar Mohammed has told a court in the capital that he was “proud” to have been charged with terrorism. The influential former media mogul was not admitting guilt but accusing the government of targeting opposition figures like him. […]

Africa: COVID-19 Recovery Needs Informal Sector on Board

Like many countries across the globe, East Africa’s governments are providing economic stimulus packages to lighten the economic impact of the COVID-19 pandemic. However, the bulk of these packages will not reach businesses in the valuable informal sector which accounts for over 70% of non-farm employment in sub-Saharan Africa . With just over 1.3 million […]

Coronavirus: WHO sets rules for testing African herbal remedies

Related Topics Coronavirus pandemic image copyrightAFP image captionCovid-Organics was launched in Madagascar in April after being tested on fewer than 20 people over three weeks The World Health Organization (WHO) has agreed rules for the testing of African herbal remedies to fight Covid-19. Sound science would be the sole basis for safe and effective traditional […]

Lagos Inferno: The blast that destroyed a Nigerian girl’s school

An explosion in Lagos, Nigeria rocked the city to its core. Twenty-three people were killed, and a girls’ boarding school was totally destroyed. The Nigerian National Petroleum Corporation, the country’s state-owned oil firm, said the blast in March occurred as a result of a truck that hit gas cylinders near one of its petroleum pipelines. […]