- Why Veronica Mars doesn’t drop any F-bombs in Hulu’s adult-rated revival 1 Year Ago
- Netflix’s ‘Taco Chronicles’ will make your heart soar and mouth water 1 Year Ago
- The view of Prime Day from Amazon’s warehouse strike Today 6:30 AM
- Conspiracy theorists think underground nukes are to blame for California’s earthquakes Today 6:30 AM
- How to follow along with San Diego Comic Con online Today 6:00 AM
- How to live stream the International Champions Cup Today 5:00 AM
- A police union is urging its officers to post ‘The Punisher’ logo Monday 7:33 PM
- Redditors call for a Nestlé boycott through memes Monday 6:16 PM
- How a 10-second Disney jingle became a meme in Thailand Monday 4:48 PM
- Instagram users share photos showing gruesome killing of 17-year-old Bianca Devins Monday 4:33 PM
- The horror game banned for mocking China’s president probably isn’t coming back Monday 3:31 PM
- Cheap vibrators, condoms, and lube: The best NSFW Prime Day deals Monday 3:07 PM
- George R.R. Martin says fan backlash won’t affect his ‘Game of Thrones’ ending Monday 3:03 PM
- The very finest Area 51 memes Monday 2:52 PM
- Tweet map ranks states where people are boycotting Amazon Prime Day Monday 1:54 PM
It’s called ‘Cosiloon,’ and you can check to see if it’s affecting your phone.
Security researchers with Avast discovered that some Android smartphones have been shipping with malware pre-installed. The devices— from manufacturers such as ZTE, Archos, and Prestigio—come with a brand of ad-related malware dubbed “Cosiloon.”
The Cosiloon malware creates a pop-up on the phone’s screen in order to display ads when the user opens their phone’s built-in web browser. These ads often advertise other malicious apps—which, if clicked, download more malware onto the user’s device. Cosiloon is composed of two APKs, a dropper (which installs the malware), and the malware payload. Avast uncovered two types of droppers—”CrashService” and “ImeMess”—and more than 100 different payload variants. The payload masquerades as a system application to avoid being discovered by antivirus applications.
While Cosiloon has been around for several years, it is not particularly widespread. It affects less than 1,000 users, mostly on budget handsets not certified by Google, in 90 different countries. Avast’s antivirus app can now detect and disable the payload but not the dropper. Google Play Protect can disable the payload and dropper, but most of the devices affected don’t have Play Protect installed. Avast and Google are also working together to find a permanent fix to Cosiloon.
Earlier this month, another piece of Android malware (“ZooPark“) was discovered. This malware was used against targeted Middle Eastern Android phone users for surveillance. The malware takes over nearly all the phone’s functions in order to steal passwords, listen to phone calls, and download photos from memory cards. Other devices have been infected with cryptocurrency-mining malware.
While they’re not necessarily fool-proof, a good anti-malware app can help ensure malicious software like this doesn’t take hold on your own Android device.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.