Security researchers have found pre-installed and unremovable malware on US government-funded smartphones. The phones are made available to low-income families through the Lifeline program, to help make communication services more affordable. The affected model is Chinese-made and comes with two pre-installed malware functions.
Government Support for Affordable Communications
Lifeline is a support program from the US Federal Communications Commission. The aim of this program is to help make communications more affordable for low-income consumers. Eligible subscribers obtain a discount of up to $9.25 per month per family on mobile phone and internet services.
One of the most popular telecommunications companies that are being used to provide Lifeline benefits is called Assurance Wireless. This company is a subsidiary of Virgin Mobile. It offers free or low-cost government smartphones together with low-cost monthly plans.
The phone in question is the UMX U683CL, an Android device made by a Chinese company. It costs only $35 through the Lifeline program, but apparently there is a catch. In this case the price of affordability seems to come at the cost of privacy.
Pre-Installed and Unremovable Malware
Security Researchers at Malwarebytes have discovered that the smartphone contains pre-installed and unremovable malware. It started its investigation after receiving malicious app complaints from users. To verify the claims, Malwarebytes purchased the same phone for itself.
In its blog and previous posts, Malwarebytes have already highlighted that pre-installed malware continues to be a pest for users of mobile devices. “But now that there’s a mobile device available for purchase through a US government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behavior by app development companies.”
Malwarebytes said it is important to realize that UMX is not the only phone with this issue. “There are many reports of budget manufactures coming pre-installed with malware, and these reports are increasing in number.”
Two Malicious Apps
One of the pre-installed apps is called “Wireless Update”. This update program not only updates the software on the phone but also automatically installs new apps without the user’s permission. The app is similar to a variant of Adups, a well-known malware that sends data about text messages, locations and apps to a Chinese server.
In addition, there is also the “Settings” app on the device itself. This app is very similar to some well-known ‘trojan droppers’. These programs install adware, among other things. Because the app in question serves as a dashboard for the entire phone, it is not possible to remove it.
The pre-installed apps are not harmful in themselves, but the presence of software that automatically downloads new apps without user intervention or user consent is troublesome, to say the least.
Ironically, the findings have also come at a time when the US government has been repeatedly warning users about Chinese interference in communication products.
Malwarebytes has reached out to Assurance Wireless, but so far, they have not received a response.