Skip to main content

Thousands of cheap tablets sold on Amazon have Trojans pre-installed

cloudsota trojan malware on cheap tablets amazon shutterstock tablet travel airport
Security researchers at Cheetah Mobile have discovered potentially thousands of Android tablets for sale on Amazon that come pre-installed with a Trojan called Cloudsota.

The Cloudsota Trojan has root permissions and can give its author remote control of your device, as well as install adware, malware, or even uninstall your anti-virus app. The researchers believe that the Trojan originated in China.

Cheetah’s researchers claim, based on anonymous data, that at least 17,233 infected tablets have been shipped to users, mostly in Mexico and the United States.

The affected devices are mostly low-price tablets. Cheetah Mobile notes that around 30 manufacturers have tablets infected with this Trojan. Most often, it is tablets without a clear or well-known brand name that are affected. The researchers state that they have contacted the manufacturers, Amazon, and a number of other online retailers with their concerns but have yet to hear back.

“When we discover a questionable tablet, we send a notification to Amazon explaining the issue,” they said.

The majority of devices affected are low cost “no brand” tablets. Devices manufactured with Allwinner chips are the “most severely affected.” Other brands affected include SoftWinners, Advance, Rockchip, Joinet, and SW.

Customers should be extra wary of cheap tablets that may look like a good deal, but could be very risky, the researchers warn. People are advised to check the user reviews on these devices, which highlight some of the tell-tale signs.

“It always downloads malware on its own and has got to the point now where I cant [sic] connect to wi-fi or else i’m constantly bombarded by adverts making all apps crash, freeze or just unusable,” said one user in September 2014.

As recently as last month, people were posting similar reviews. Another said a Yuntab tablet was “Loaded with malware/adware that can’t be removed. Shows full screen pop ads all the time and suspends app you have running.”

If you purchased a tablet like this, some of the signs that you have been infected include constant ad pop-ups, changing homepages, and other apps regularly crashing. In many cases, rebooting the device will not remove the Cloudsota Trojan either.

“While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property,” added the researchers, pointing out that the Trojan has in fact existed for some time.

In the meantime, it’s recommended that you don’t buy tablets from unknown brands on Amazon, especially if you see red flags like poor reviews and dubious branding.

Editors' Recommendations