Unimax removed pre-installed malware from Assurance Wireless’s government-subsidised UMX U683CL smartphone

by Surur
March 3, 2020

We reported in January that security company Malwarebytes had discovered that a US government-subsidized low-cost smartphone was being sold to customers with pre-installed malware.

The UMX U683CL, being sold by Virgin Mobile’s Assurance Wireless program for only $35 (due to the Lifeline Assistance program), came pre-loaded with two trojans, one of which could not be removed.

The two trojans were Android/PUP.Riskware.Autoins.Fota.fbcvd and Android/Trojan.Dropper.Agent.UMX.

Both apps could turn buyers into a distributed botnet used for click fraud for ads and apps which are difficult to detect. Some users reported being shown full-screen ads, including on their lock screen.

At the time, Unimax did not admit any fault, but promised an update:

After investigating this issue, Unimax Communications has determined that the applications described in the posting are not malware. In reviewing these applications, however, Unimax Communications has determined that there may be a potential vulnerability in the Settings App library. Because of this, Unimax Communications has updated software to correct the potential vulnerability. To Unimax Communications’ knowledge, no customer data has been compromised.

Now Malwarebytes reports that Unimax has indeed released an update which is free from the malware.

Users who already have Android/Trojan.HiddenAds.WRACT installed will, however, need to remove it, although Play Protect does offer a prompt calling it unsafe and warning users to uninstall.

Like most phones, the UMX U683CL is manufactured in China, where such incidents are not uncommon, and it does not necessarily mean US customers are being directly targeted. It is likely, however, that hundreds of thousands of US residents were being spied on with little ability to correct the issue themselves.

Read all the details at Malwarebytes here.
