- Bernie Sanders wins Nevada Caucuses Saturday 6:54 PM
- MSNBC is out of its mind over Sanders leading Nevada Saturday 5:20 PM
- Kim Kardashian dragged for using makeup to darken her hands Saturday 4:13 PM
- TikTok users show how they turned their vehicles into incredible tiny homes Saturday 3:44 PM
- Woman iconically pranks man who sent her an unsolicited d*ck pic Saturday 2:25 PM
- ‘Terrifying’ deepfake puts Jeff Bezos and Elon Musk in ‘Star Trek’ Saturday 1:06 PM
- A 36-year-old called the cops after being booted from parents’ phone plan Saturday 12:16 PM
- People think novelist Dean Koontz predicted the coronavirus in 1981 thriller Saturday 10:22 AM
- Twitter suspends 70 pro-Bloomberg accounts Saturday 9:15 AM
- In documentary ‘Modern Whore,’ a former escort takes control of her own narrative Saturday 6:30 AM
- Cara Delevingne calls out Justin Bieber for ‘ranking’ wife Hailey’s friends Friday 9:07 PM
- Fans defend Jenna Marbles after some people claimed she mistreated her dogs in a recent video Friday 8:37 PM
- ‘Friends’ gets reunion special on HBO Max, fans go wild Friday 7:37 PM
- Why you should drop everything and start reading ‘Lore Olympus’ Friday 6:27 PM
- ‘Boogaloo’ memes are trying to organize a second civil war—and they’re spreading fast Friday 3:48 PM
Security researchers with Avast discovered that some Android smartphones have been shipping with malware pre-installed. The devices— from manufacturers such as ZTE, Archos, and Prestigio—come with a brand of ad-related malware dubbed “Cosiloon.”
The Cosiloon malware creates a pop-up on the phone’s screen in order to display ads when the user opens their phone’s built-in web browser. These ads often advertise other malicious apps—which, if clicked, download more malware onto the user’s device. Cosiloon is composed of two APKs, a dropper (which installs the malware), and the malware payload. Avast uncovered two types of droppers—”CrashService” and “ImeMess”—and more than 100 different payload variants. The payload masquerades as a system application to avoid being discovered by antivirus applications.
While Cosiloon has been around for several years, it is not particularly widespread. It affects less than 1,000 users, mostly on budget handsets not certified by Google, in 90 different countries. Avast’s antivirus app can now detect and disable the payload but not the dropper. Google Play Protect can disable the payload and dropper, but most of the devices affected don’t have Play Protect installed. Avast and Google are also working together to find a permanent fix to Cosiloon.
Earlier this month, another piece of Android malware (“ZooPark“) was discovered. This malware was used against targeted Middle Eastern Android phone users for surveillance. The malware takes over nearly all the phone’s functions in order to steal passwords, listen to phone calls, and download photos from memory cards. Other devices have been infected with cryptocurrency-mining malware.
While they’re not necessarily fool-proof, a good anti-malware app can help ensure malicious software like this doesn’t take hold on your own Android device.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.