Skip to main content

Thousands of cheap tablets sold on Amazon have Trojans pre-installed

cloudsota trojan malware on cheap tablets amazon shutterstock tablet travel airport
Shutterstock/Pressmaster
Security researchers at Cheetah Mobile have discovered potentially thousands of Android tablets for sale on Amazon that come pre-installed with a Trojan called Cloudsota.

The Cloudsota Trojan has root permissions and can give its author remote control of your device, as well as install adware, malware, or even uninstall your anti-virus app. The researchers believe that the Trojan originated in China.

Related Videos

Cheetah’s researchers claim, based on anonymous data, that at least 17,233 infected tablets have been shipped to users, mostly in Mexico and the United States.


The affected devices are mostly low-price tablets. Cheetah Mobile notes that around 30 manufacturers have tablets infected with this Trojan. Most often, it is tablets without a clear or well-known brand name that are affected. The researchers state that they have contacted the manufacturers, Amazon, and a number of other online retailers with their concerns but have yet to hear back.

“When we discover a questionable tablet, we send a notification to Amazon explaining the issue,” they said.

The majority of devices affected are low cost “no brand” tablets. Devices manufactured with Allwinner chips are the “most severely affected.” Other brands affected include SoftWinners, Advance, Rockchip, Joinet, and SW.

Customers should be extra wary of cheap tablets that may look like a good deal, but could be very risky, the researchers warn. People are advised to check the user reviews on these devices, which highlight some of the tell-tale signs.

“It always downloads malware on its own and has got to the point now where I cant [sic] connect to wi-fi or else i’m constantly bombarded by adverts making all apps crash, freeze or just unusable,” said one user in September 2014.

As recently as last month, people were posting similar reviews. Another said a Yuntab tablet was “Loaded with malware/adware that can’t be removed. Shows full screen pop ads all the time and suspends app you have running.”

If you purchased a tablet like this, some of the signs that you have been infected include constant ad pop-ups, changing homepages, and other apps regularly crashing. In many cases, rebooting the device will not remove the Cloudsota Trojan either.

“While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property,” added the researchers, pointing out that the Trojan has in fact existed for some time.

In the meantime, it’s recommended that you don’t buy tablets from unknown brands on Amazon, especially if you see red flags like poor reviews and dubious branding.

Editors' Recommendations

Google Pixel Tablet: news, release date and price rumors, and more
The Google Pixel Table and the Speaker Dock.

After years of speculation, Google finally revealed the Pixel Tablet at its annual I/O conference in May 2022. Google was pretty vague at the reveal and has remained tight-lipped when it comes to giving official details about the upcoming tablet.

Luckily, there have been plenty of leaks and rumors about the Pixel Tablet that help paint a picture of what fans can expect when it finally launches later this year. Here's everything we know about the Google Pixel Tablet.
Google Pixel Tablet: design

Read more
A new Android 14 update is here — but you still shouldn’t download it
The Android 14 logo.

Google has released the second developer preview of Android 14, as the next major version of the operating system takes another step toward a full release. Like the first Android 14 developer preview, the clue as to who it’s for is in the name.

This early version is designed for developers to test new features and designs in their apps, and to explore how new tools in the software could help improve them. It’s not designed for everyday use by consumers -- that version will come later.

Read more
Your Google One plan just got 2 big security updates to keep you safe online
Two Google Pixel 7 Pro smartphones.

Google just added some major new security features to keep its Google One subscribers safe while on the web. After all, the internet is where you spend a lot of your time, whether that's looking things up, paying bills, shopping, booking appointments, or sharing photos with family and friends. That’s a lot of information, and Google wants to keep subscribers safe from the darker side of the web.

Regardless of whether you use an iPhone or an Android smartphone, all Google One subscribers are getting the following two security features.
VPN by Google One for everyone

Read more