Preinstalled malware is probably not something you signed up for when you decided to purchase an affordable Android device. However, it appears this is a real problem in a few developing markets, where built-in malware harms users even before they’re able to do anything about it.

What’s even more worrying is that some of these users are first-time smartphone owners. In fact, some of them are first time-time internet users. That means they’re even less equipped to understand and handle malware than tech-savvy users who still might fall for malware scams despite their experience.

The news comes from Upstream, a company that deals in security, including online transaction fraud and data depletion. Upstream says that a number of cheap Android phones that are sold in markets including Brazil, Egypt, Myanmar, and South Africa contain malware that can steal user data and even money.

The phones are preloaded with “ad fraud malware,” according to Upstream CEO Guy Krief. A malicious app like this “communicates with, and sends unauthorized personal user data to a server in Asia, depletes their data allowance and signs them up to premium subscription services without their consent.”

The user might not even realize what happened, which is even more troubling. And the user is ultimately the one who pays the price, either by having his or her data allowance depleted faster than normal use or by having app purchases charged to their accounts.

Data is a lot more expensive in developing markets, with the report saying that in Brazil a person needs to work an average of six hours to pay off 1GB of data. Furthermore, most people are on prepaid plans, and app purchases might be charged against their prepaid balance. Krief explains:

This malware is targeting consumers who are often getting online for the first time via their mobile device and have no other way to access the internet. In emerging markets, where online clicks can trigger a purchase and charges to airtime credit, such online advertising fraud directly impacts the end consumer. These users are immediately falling victim to fraudulent activity, which is using their mobile data allowance and taking money from their airtime credit. In one month, we observed over 1.3 million fraudulent attempts to purchase a single digital premium service in Brazil alone, the first of the markets where we identified this issue in. A similar pattern was identified by our Secure-D platform in other emerging markets, like Myanmar, Egypt, and South Africa.

Upstream says its Secure-D product can protect mobile operators and subscribers against this types of malware and other threats. The firm’s comprehensive research is available at this link.

It’s unclear which devices come with malware preinstalled, but The Wall Street Journal does name one phone, China-made Singtech P10. Furthermore, it identified GMobi as the advertising firm in Taiwan that is gathering user data from the devices sold in these emerging markets. Apps from the same company may try to sign up users for paid services including mobile games. And GMobi software is preinstalled on devices made by a dozen Android makers including well-known brands like Huawei, Xiaomi, and Blu. Huawei and Xiaomi said they never worked with the ad agency, while Blu only had “exploratory discussions.”

MoMagic might be one other ad company tracking users in markets including India and Bangladesh, but the company told The Journal it’s doing it in accordance with local laws. MoMagic lists several Android device makers as partners, including Xiaomi, Micromax, Intex, Panasonic, and Sony.

Comments