- Who is Corn Pop? Here are all the theories about the gang leader from Joe Biden’s past Sunday 4:37 PM
- Fresh sexual misconduct allegations against Kavanaugh spur calls for impeachment Sunday 3:28 PM
- Mike Pence says a triple crown winning racehorse bit him Sunday 12:51 PM
- Disney CEO Bob Iger leaves Apple board amid streaming wars Sunday 12:01 PM
- Influencer Destiny Marquez faces backlash for berating Forever 21 employee Sunday 10:32 AM
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Sunday 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Sunday 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Sunday 7:00 AM
- What are anons? Sunday 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Sunday 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Sunday 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
Security researchers with Avast discovered that some Android smartphones have been shipping with malware pre-installed. The devices— from manufacturers such as ZTE, Archos, and Prestigio—come with a brand of ad-related malware dubbed “Cosiloon.”
The Cosiloon malware creates a pop-up on the phone’s screen in order to display ads when the user opens their phone’s built-in web browser. These ads often advertise other malicious apps—which, if clicked, download more malware onto the user’s device. Cosiloon is composed of two APKs, a dropper (which installs the malware), and the malware payload. Avast uncovered two types of droppers—”CrashService” and “ImeMess”—and more than 100 different payload variants. The payload masquerades as a system application to avoid being discovered by antivirus applications.
While Cosiloon has been around for several years, it is not particularly widespread. It affects less than 1,000 users, mostly on budget handsets not certified by Google, in 90 different countries. Avast’s antivirus app can now detect and disable the payload but not the dropper. Google Play Protect can disable the payload and dropper, but most of the devices affected don’t have Play Protect installed. Avast and Google are also working together to find a permanent fix to Cosiloon.
Earlier this month, another piece of Android malware (“ZooPark“) was discovered. This malware was used against targeted Middle Eastern Android phone users for surveillance. The malware takes over nearly all the phone’s functions in order to steal passwords, listen to phone calls, and download photos from memory cards. Other devices have been infected with cryptocurrency-mining malware.
While they’re not necessarily fool-proof, a good anti-malware app can help ensure malicious software like this doesn’t take hold on your own Android device.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.