Security researchers have discovered preinstalled malware on low-cost smartphones made in China.
According to BuzzFeed News and anti-fraud platform Secure-D, the Tecno W2 model has been shipped with the Triada and xHelper software, which steals prepaid data and subscribes users to paid services without their knowledge. The smartphone is made by China-based mobile manufacturer Transsion, which has become the world's s fourth-largest mobile phone-maker by targeting low-income markets with relatively cheaper devices.
BuzzFeed News reports the infected phones primarily reached African countries such as Egypt, Ghana, and South Africa, with some devices being sold in Indonesia and Myanmar. Secure-D reportedly managed to block about "844,000 transactions connected to preinstalled malware on Transsion phones between March and December 2019." The xHelper trojan reportedly can't be removed with a factory reset.
"Transsion traffic accounts for 4% of the users we see in Africa. Yet it contributes over 18% of all the suspicious clicks," Secure-D Managing Director Geoffrey Cleaves told BuzzFeed News. "... A fraudster is able to take advantage of that desire for a low price by offering their [hardware or software] services, even at loss, knowing that they can recover the costs through this ad fraud."
A spokesperson for Transsion claims the company has not profited from the malware, which was allegedly installed by an unnamed "vendor in the supply chain process." The representative also said the company has since released the downloadable OTA fix for infected phones.
"We have always attached great importance to consumers' data security and product safety," the Transsion spokesperson told BuzzFeed News. "Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS, and VirusTotal test."
The company did not reveal how many devices were infected.