• Android phones made by a Chinese manufacturer and sold for years in Africa came with pre-installed malware that stole users’ data and money.
  • That’s according to a new report from a mobile security firm, which found that tens of thousands of the Android phones were sold in Africa.
  • The low-cost Chinese phone brand in question is Tecno W2.

Tecno W2 smartphones are low-cost Android phones made in China that, at least in Africa, have been giving established mobile players like Samsung a run for their money. In fact, since Transsion — the Chinese company behind those Tecno mobile devices — launched its first phone six years ago — it’s done so well that it’s now the top handset seller in Africa, with customers particularly attracted to the cheap price tag compared to offerings from Nokia and Samsung.

“They’re very attractive and appealing to your eyes,” an unemployed 41-year-old named Mxolosi (who asked that his last name be withheld) told BuzzFeed News in an investigation about the phones, which also uncovered the fact that thousands of them were hiding malware. “Honestly, I was a Samsung fan but I said, ‘Let me try this new product.’” Soon enough, he started seeing the effects of the malware in these phones with his own eyes. His calls and chats kept getting interrupted by pop-up ads. His prepaid data kept being suddenly drained, and the phone also seemed to be signing him up for subscriptions that he wasn’t aware of.

The culprit was found to be Triada, a malware variant that “acts as a software backdoor and malware downloader.” That’s according to a report produced by a mobile security service called Secure-D, which found a frightening amount of malicious activity concentrated in these Transsion Tecno W2 handsets in Africa.

“Starting in March 2019,” the report notes, “Secure-D caught and blocked an unusually large number of transactions coming from Transsion Tecno W2 handsets mainly in Egypt, Ethiopia, South Africa, Cameroon, (and) Ghana, with some fraudulent mobile transaction activity detected in another 14 countries.

“To date, a total of 19.2m suspicious transactions — which would have secretly signed users up to subscription services without their permission — have been recorded from over 200k unique devices.”

To get to the bottom of what was going on, Secure-D representatives acquired a selection of Tecno W2 phones from both users as well as by buying them outright at retail. The firm specifically wanted to analyze the nature of the software that was responsible for the phony subscription requests — and, importantly, the firm’s investigation revealed that the devices in question came with the Triada-related malware pre-installed.

Secure-D managing director Geoffrey Cleaves told CNN: “The fact that the malware arrives pre-installed on handsets that are bought in (the) millions by typically low-income households tells you everything you need to know about what the industry is currently up against.

“This particular threat takes advantage of those most vulnerable.”

According to data from market research firm IDC, Shenzhen-based Transsion Holdings, which manufacturers these particular Android devices, has a 41% market share in Africa. Speaking about the pre-installed malware, Tecno Mobile told CNN Business that the issue “was an old and solved mobile security issue globally” for which a fix was issued in March 2018.

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.