{"id":15277,"date":"2020-08-07T00:15:00","date_gmt":"2020-08-06T22:15:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15277"},"modified":"2022-09-04T22:10:37","modified_gmt":"2022-09-04T20:10:37","slug":"android-preinstalled-malware-found-on-subsidized-us-smartphones","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/08\/07\/android-preinstalled-malware-found-on-subsidized-us-smartphones\/","title":{"rendered":"Android: Preinstalled malware found on subsidized US smartphones"},"content":{"rendered":"

[German<\/a>]Security researchers from Malwarebytes have found Malware on state-subsidized Android smartphones. The malware was pre-installed on the state sponsored devices.<\/p>\n

<\/p>\n

Smartphones sponsored by the US states<\/h2>\n

\"\"In the USA, there are state-subsidized smartphones that are made available to financially disadvantaged citizens. The whole thing there is known as 'Assurance Wireless', and such devices can be obtained from Virgin Mobile, for example. This is intended to enable citizens who have few financial resources to participate in digital life.<\/p>\n

Malware found on Android smartphones<\/h2>\n

Security researchers from Malwarebytes discovered<\/a> some time ago that smartphones funded by the US state and made available to financially disadvantaged citizens had malware pre-installed on them. The ANS UL40 smartphone with Android operating system 7.1.1, which can be obtained from Virgin Mobile via Assurance Wireless, is affected.  <\/p>\n

\"ANS
(ANS UL40 , Source: Malwarebytes)<\/p>\n

A user who has received such a device has provided this malware byte for analysis. Therefore, it is currently unclear whether the device is still available – which does not change the facts of the case. Just like the UMX U683CL, the ANS UL40 is also infected with a compromised Settings app and a Wireless Update app. <\/p>\n

\n

Paketname: com.android.settings
MD5: 7ADA4AAEA49383499B405E4CE0A9447F
App Name: Einstellungen
Erkennung: Android\/Trojaner.Herunterladen.Wotby.SEK<\/p>\n<\/blockquote>\n

The app contains a Trojan, but the Malwarebytes security researchers did not detect any malicious activity triggered by this infected Settings app during the analysis period of the app. However, it must be noted that the security researchers also did not spend the time on the device that a typical user would spend on a mobile device. No SIM card was installed in the device, which could have an effect on the behavior of the malware. Nevertheless, there is enough evidence that this settings app has the ability to download apps from a third-party app store. <\/p>\n

For the Wireless Update<\/em> app, the infection looks like this:<\/p>\n

\n