Skip to main content

Avoid the latest Android malware scare by remembering this one thing

Antivirus company Avast has discovered hundreds of Android-based devices — mostly tablets — have malware hidden deep inside the firmware, spreading annoying ads and potentially leading the unwary to download compromised apps. The list of manufacturers affected includes ZTE, a company facing its own problems at the moment, along with Archos and many others. Don’t throw your Android device away, though — it’s highly unlikely you’re personally affected by this, and if you’re not, there’s a very easy way to avoid it in the future too.

On the infected hardware, Avast identified adware called Cosiloon, which is downloaded and installed by what’s called a “dropper,” a special program encoded in the device’s firmware. Cosiloon links itself to advertising networks provided by Google, Facebook, and Chinese technology company Baidu, then shows pop-up ads, banners, and other annoying interruptions over the top of the Android operating system. These ads are often for potentially compromised apps.

Nasty, right? No one wants extra ads, least of all ones that are difficult to remove without the use of an antivirus program. Additionally, it’s more bad press for ZTE, a company that has sold phones and tablets all over the world for years. Avast says it identified devices infected with the malware in Europe and the U.S., suggesting the problem is widespread. Plus, while it serves ads now, the dropper could be used to install far worse in the future, including spyware.

Don’t panic

While it’s reasonable to be concerned about malware and security issues on any device we own, and for Avast to track these incidents, you probably don’t have to worry this time. Avast points out that the majority of devices it tracked didn’t come with Google Play installed, and were not Google certified. Also, while many are listed, the bar for inclusion was set at “more than 10 unique users in the last month.” It also tracked another 800 devices that had fewer than 10 unique users.

While ZTE features several times on the list, the devices are old and often regional variants. Almost all other affected devices are made under contract by companies most will not know, and based on the low bar of acceptance onto Avast’s list, may not have sold in great numbers either. If you haven’t bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.

How about avoiding the problem in the future? The solution is to buy a Google-certified product (which will have Google Play Protect in place to keep you safe) from a recognized manufacturer. Google lists its certified partners here. No, it’s not a guarantee — Archos is a Google-certified partner, for example — but the chance of encountering Cosiloon or any other preinstalled adware is far, far lower.

If you do own one of the devices Avast lists, or have seen activity that makes you suspect the presence of Cosiloon on your Android tablet or phone, then Avast provides information on how to remove it and the dropper that installed it in the first place. It’s also working with providers and domain registrars to get the problematic servers closed down permanently.

Editors' Recommendations

Andy Boxall
Senior Mobile Writer
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
One of 2023’s most interesting Android phones just dropped
Realme GT5 Pro in ornage.

Not too long ago, the Google Pixel 4 arrived on the scene packing a Soli radar system that allowed Motion Sense. It enabled you to snooze alarms, mute calls, control music playback, and more — all by waving your hand over the screen. LG attempted something similar called Air Motion on the LG G8 ThinQ using an array consisting of a time-of-flight (ToF) camera and an infrared sensor.

It was cool to see, but hit-or-miss in real life. Unfortunately, the idea died. Google never put the Soli system on another Pixel phone, and LG shuttered its entire phone division. But apparently, the fascination for controlling a phone with touchless hand gestures lives on.

Read more
One of our favorite Android phones just got its own iMessage app
Nothing Chats app on a. phone.

Nothing is trying to bridge the great blue/green bubble divide for Android users of iMessage. This is not a personal crusade to shatter walls and open windows, as much as Nothing CEO Carl Pei would want you to believe that. Instead, Nothing is piggybacking on tech created by New York-based startup Sunbird. 
Technically, the Sunbird app can be installed on any Android phone and it features a blue bubble for all iMessage text exchanges involving an Android phone. No more green bubble shame that could get you kicked out of groups for disrupting the harmony or even slim your dating chances. That’s how bad it is! 
Nothing is adopting the Sunbird tech and bundling it as its very own app under the name Nothing Chats. But here’s the fun part. The app only works on the Nothing Phone 2 and not the Nothing Phone 1. And this life-altering boon will only be bestowed upon users in the U.S., Canada, the U.K., or the EU bloc.

The app is currently in the beta phase, which means some iMessage features will be broken or absent. Once the app is downloaded on your Nothing Phone 2, you can create a new account or sign up with your Apple ID to get going with blue bubble texts. 
Just in case you’re concerned, all messages will be end-to-end encrypted, and the app doesn’t collect any personal information, such as the users’ geographic location or the texts exchanged. Right now, Sunbird and Nothing have not detailed the iMessage features and those that are broken. 
We made iMessage for Android...
The Washington Post tried an early version of the Nothing Chats app and notes that the blue bubble system works just fine. Texts between an Android device and an iPhone are neatly arranged in a thread, and multimedia exchange is also allowed at full quality. 
However, message editing is apparently not available, and a double-tap gesture for responding with a quick emoji doesn’t work either. We don’t know when these features will be added. Nothing's Sunbird-based app will expand to other territories soon. 
Sunbird, however, offers a handful of other tricks aside from serving the iMessage blue bubble on Android. It also brings all your other messaging apps, such as WhatsApp and Instagram, in one place. This isn’t an original formula, as Beeper offers the same convenience.

Read more
The worst thing has happened to one of 2023’s best Android phones
A person using the OnePlus 11.

I’ve been using the OnePlus 11 again, but if you press me on how I feel about the phone, you’re going to get a very cold, clinical answer.

I may say it’s very good for the price or that it does most of what you could want without spending a fortune, but I won’t say that I love it. I don’t actually feel anything for the OnePlus 11 because, since its release in February, it has become a bit … boring.
There's nothing wrong with the OnePlus 11

Read more