Skip to main content

Avoid the latest Android malware scare by remembering this one thing

Antivirus company Avast has discovered hundreds of Android-based devices — mostly tablets — have malware hidden deep inside the firmware, spreading annoying ads and potentially leading the unwary to download compromised apps. The list of manufacturers affected includes ZTE, a company facing its own problems at the moment, along with Archos and many others. Don’t throw your Android device away, though — it’s highly unlikely you’re personally affected by this, and if you’re not, there’s a very easy way to avoid it in the future too.

On the infected hardware, Avast identified adware called Cosiloon, which is downloaded and installed by what’s called a “dropper,” a special program encoded in the device’s firmware. Cosiloon links itself to advertising networks provided by Google, Facebook, and Chinese technology company Baidu, then shows pop-up ads, banners, and other annoying interruptions over the top of the Android operating system. These ads are often for potentially compromised apps.

Recommended Videos

Nasty, right? No one wants extra ads, least of all ones that are difficult to remove without the use of an antivirus program. Additionally, it’s more bad press for ZTE, a company that has sold phones and tablets all over the world for years. Avast says it identified devices infected with the malware in Europe and the U.S., suggesting the problem is widespread. Plus, while it serves ads now, the dropper could be used to install far worse in the future, including spyware.

Don’t panic

While it’s reasonable to be concerned about malware and security issues on any device we own, and for Avast to track these incidents, you probably don’t have to worry this time. Avast points out that the majority of devices it tracked didn’t come with Google Play installed, and were not Google certified. Also, while many are listed, the bar for inclusion was set at “more than 10 unique users in the last month.” It also tracked another 800 devices that had fewer than 10 unique users.

While ZTE features several times on the list, the devices are old and often regional variants. Almost all other affected devices are made under contract by companies most will not know, and based on the low bar of acceptance onto Avast’s list, may not have sold in great numbers either. If you haven’t bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.

How about avoiding the problem in the future? The solution is to buy a Google-certified product (which will have Google Play Protect in place to keep you safe) from a recognized manufacturer. Google lists its certified partners here. No, it’s not a guarantee — Archos is a Google-certified partner, for example — but the chance of encountering Cosiloon or any other preinstalled adware is far, far lower.

If you do own one of the devices Avast lists, or have seen activity that makes you suspect the presence of Cosiloon on your Android tablet or phone, then Avast provides information on how to remove it and the dropper that installed it in the first place. It’s also working with providers and domain registrars to get the problematic servers closed down permanently.

Andy Boxall
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
One of the best Android launchers is in trouble
Nova Launcher on an Android phone.

I vividly remember the early days of the awesome CyanogenMod custom ROM, which essentially turbocharged an average Android phone’s software to give it loads of extra features and settings. With the unfortunate death of CyanogenOS in 2016, I turned my attention to Nova Launcher in my college days. Ever since, I’ve installed the launcher on almost every Android phone that I got my hands on and customized the interface to my heart's content.

But it seems the twilight of those days looms large over Nova Launcher. In 2022, the company behind this awesome Android launcher was acquired by an analytics company named Branch. A day ago, Branch laid off the entire Nova Launcher team except Kevin Barry, creator of the well-loved launcher.

Read more
The Google Pixel 8a may not get one of Android 15’s coolest features
The back of the Google Pixel 8a.

One of the most highly anticipated new features in Android 15 may not be available on the recently launched Google Pixel 8a. If true, it's bad news for anyone who just purchased Google's newest budget handset.

Android Authority reports that the least expensive Pixel 8 model will not support the Auracast feature in Android 15. This feature allows users to share their phone’s audio with multiple Bluetooth devices — making it a lot easier to share a song or video with friends/family without disturbing other people around you.

Read more
I put two cheap Android tablets head-to-head. This is the one to buy
The Amazon Fire Max 11 and Poco Pad in their keyboard cases.

Amazon Fire Max 11 (left) and Poco Pad Andy Boxall / Digital Trends

You’ve almost certainly heard of the Amazon Fire Max 11 but probably haven’t heard of the Poco Pad before -- mostly because Poco does not sell its hardware in the U.S., but also because it hasn’t made a tablet before.

Read more