Zimbabwe and regional technology news and updates


Tecno smartphone reportedly comes with malware preinstalled

Low-cost smartphones are products we have covered a number of times. They are one of the tools that lower the barrier to entry for people to access internet services. Well, it seems one of those smartphones was a vessel for malware. Findings reported by Secure D, Upstream’s full-stack anti-fraud platform, revealed that a model made by Transsion had malware preinstalled.

The model identified by Secure D is the Tecno W2, and the malware it contains is called Triada. This software acts as a backdoor and malware downloader. Triada installed a trojan called “xHelper”; a trojan is a program or code that is designed to look normal. When the malware is exposed to the right conditions, which could be a particular phone network, xHelper components would then make requests to find new subscription targets and submit requests on behalf of the owner of the phone without their knowledge.

Secure D caught and blocked a large number of transactions coming from Ethiopia, Cameroon, Egypt, Ghana, South Africa and 14 other countries. According to Secure D, there have been a total of 19.2 million suspicious transactions.

An added problem is that the xHelper trojan persists across reboots, app removals and even factory resets. This makes the malware particularly difficult to get rid of. According to Secure D, had these transactions been successful, they would have spent users’ prepaid airtime.

“This particular threat takes advantage of those most vulnerable. The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against.”

Geoffrey Cleaves, Head of Secure-D at Upstream

Google, the supplier of the Android OS in the Tecno W2, said that the presence of Triada malware was probably down to an actor somewhere within the supply chain.

Secure D concluded by saying that there were no signs of the Triada malware affecting other phone models created by Transsion (Itel, Infinix, or Tecno models outside of the W2).
