CYBER NEWS

Virus-Infected Android Phones Sold Through US-Subsidized Program

Android phones sold under a US government-subsidized program have been found to contain malware. The malicious code is very difficult to detect and is embedded deep in the Settings features of the operating system.




Low-Cost Android Phones That Are Sold Via a US Subsidized Program Contain Dangerous Virus Code: The Malware is Very Hard to Detect

Users usually buy low-cost Android phones from retailers, telecom operators or, in some regions, subsidized programs. The last option is usually open only to eligible users, who can participate and buy a phone at an attractive price. However, a recent security scan has found that low-cost Android phones sponsored by the Lifeline Assistance Program contain malware code. The virus-infected devices are sponsored by the U.S. FCC and the Assurance Wireless carrier, which is operated by Virgin Mobile.


The virus code has been detected in the ANS UL40 smart device. At the moment it is not known whether this particular version is sold in the subsidized program, but a copy of the instruction manual has been found on one of the related sites. The security experts tracked the malware down to the Settings feature of the Android operating system. It is found both in this feature and in the Wireless Update component, which is integrated in the Settings section.

The malware found in the phone’s memory is a Trojan horse; because it is installed at a very deep level, it is very difficult to remove. At the moment it is inactive, which leads to two theories about its possible use:

  • Test Infection — The virus may have been inserted merely to prove that a virus can be installed onto devices that are distributed to end users.
  • Inactive Use — The Android devices are not currently overseen by the hackers. This means that at any time the hackers can activate the built-in engines and use them for various purposes.

The Trojan operations that the hackers can utilize include hijacking the devices and taking over control of the phones, as well as stealing user and system files. The ANS UL40 phones that contain the virus code do not come with a SIM card preinstalled, which is another reason for the malware to be inactive: an active data connection is required for network communication to and from the hacker-controlled servers.

At the moment it is not known which hacking group is responsible for the insertion of the malware code. The point of intrusion is also unknown – whether or not this comes from the manufacturers, the stores or another party involved in the production or distribution process.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
