Hidden Downloaders Found Pre-installed Apps on Several Low-cost Android Phone Models

Security researchers said they've found dozens of low-cost Android phone models have pre-installed with apps that surreptitiously download and install adware and other unwanted programs.

According to a blog post published Monday by antivirus provider Doctor Web, At least 26 low cost phone models happened to have pre-installed with a downloader dubbed Android.DownLoader.473.origin. Doctor Web researchers detailed the app as a trojan downloader that can download not only mild applications but also malign and unwanted ones. One of the found app, is H5GameCenter, displays ads on top of running applications. Infected users report that when they uninstall the app, Android.DownLoader.473.origin quickly downloads and installs it again. the image cannot be removed as well.

Doctor Web detected another preinstalled downloader, known as Android.Sprovider.7 and comes with encrypted inside another app. It has the ability to automatically download and install Android application files when users click on a confirmation button. On the top of that, it's automatically make phone calls to certain numbers, and show ads on top of apps.

"It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software," the security researchers wrote. "Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsources who took part in creation of Android system images decided to make money on users."

The list of affected models:

  • MegaFon Login 4 LTE

  • Irbis TZ85

  • Irbis TX97

  • Irbis TZ43

  • Bravis NB85

  • Bravis NB105

  • SUPRA M72KG

  • SUPRA M729G

  • SUPRA V2N10

  • Pixus Touch 7.85 3G

  • Itell K3300

  • General Satellite GS700

  • Digma Plane 9.7 3G

  • Nomi C07000

  • Prestigio MultiPad Wize 3021 3G

  • Prestigio MultiPad PMT5001 3G

  • Optima 10.1 3G TT1040MG

  • Marshal ME-711

  • 7 MID

  • Explay Imperium 8

  • Perfeo 9032_3G

  • Ritmix RMD-1121

  • Oysters T72HM 3G

  • Irbis tz70

  • Irbis tz56

  • Jeka JK103

  • Lenovo A319

  • Lenovo A6000



On Monday, the downloaders reported that probably don't pose as big a threat as the powerful backdoors that were recently found pre-installed on more than 3 million Android handsets. Again, their ability to covertly install any app chosen by their unaccountable operators, combined with their embrace of adware, make the phones worth avoiding.

Tags
Android phone
Real Time Analytics