Skip to main content

Chinese malware found on U.S. government-subsidized phones

Cybersecurity firm, Malwarebytes says it has found pre-installed Chinese malware on some U.S. government-subsidized phones. The phones are offered to low-income families at significant discounts under the FCC’s Lifeline Assistance program that was first introduced three decades ago.

In particular, Malwarebytes has investigated an Android-based model dubbed the UMX U686CL that is being sold by Assurance Wireless, a subsidiary of Virgin Mobile. The phone is manufactured by a China-based company and is priced at $35 which also includes free calls, texts, and data.

Recommended Videos

The report claims the UMX U686CL came infested with two malware apps. One called Wireless Update was armed with unrestricted privileges and capable of installing apps in the background without any user consent. Being a system-level app, Malwarebytes says it is not possible to uninstall Wireless Update as it could adversely affect the rest of the phone’s functions.

Further, Malwarebytes discovered that Wireless Update was programmed under the same name as Adups, a Chinese company that has been caught in the past “collecting user data, creating backdoors for mobile devices and developing auto-installers.”

Adups was responsible for the massive 2016 Android breach which impacted over 700 million phones and prompted probes from Google as well as the Department of Homeland Security.

The second malware was deeply integrated within the Settings app which means removing it could render the entire phone inoperative. It housed a trojan called Hidden Ads that is configured to display ads even when you’re in other apps. Hidden Ads’ source code was riddled with encrypted Chinese characters, because of which Malwarebytes says it couldn’t pinpoint its exact purpose.

“As I have highlighted in this blog and blogs past, pre-installed malware continues to be a scourge for users of mobile devices. But now that there’s a mobile device available for purchase through a U.S. government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behavior by app development companies,” said Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes in a blog post.

Sprint has denied the allegations and in an email response, told Digital Trends that the company is “aware of this issue and in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware.”

FCC has declined to comment directly on the report and in a statement sent to Digital Trends over email added that “the FCC is not the “provider” of the service. Through the Lifeline program, the FCC funds voice and broadband service to qualifying Lifeline consumers but we do not provide the service ourselves. Lifeline funds do not support the cost of the handset or any other end-user device.”

Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Tips to keep your smartphone just as safe as a government official’s
Safety check on iPhone

It’s the holiday season, and that means an onslaught of bad actors trying to ensnare digital shoppers into their scams. Even Google had to publish a self-pat-on-the-back alert covering celebrity scams, fake invoice traps, and digital extortion. Of course, Big G took the opportunity to regale the virtues of Gmail’s anti-spam tricks.

The government, however, is dead serious about the threats, which extend well into the domain of intricate cyberattacks and telecom breaches targeting high-ranking officials and senior politicians. To that end, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines to protect smartphones.

Read more
The OnePlus 13 is officially coming to the U.S. in January 2025
The blue OnePlus 13 in a pool of water.

It’s official: The highly anticipated OnePlus 13 will launch internationally next month. The phone was announced weeks ago and launched first in China before its global debut.

According to OnePlus in India, the new phone will be available in three color options: Midnight Ocean, Black Eclipse, and Arctic Dawn. Notably, the Midnight Ocean colorway is the first OnePlus handset to feature microfiber vegan leather. The OnePlus U.S. site has also been updated to confirm that the OnePlus 13 is "coming soon."

Read more
Here’s every Pixel phone that can download Android 16 Developer Preview 1
The Google Pixel 9 Pro XL next to the Google Pixel 8 Pro.

Even though Android 15 launched only recently, Google is already moving on to Android 16, which is much earlier than is typical. And if you have a Pixel device from the past couple of years, you can get the Android 16 Developer Preview 1 right now.

Typically, when Google releases a beta for Android, the Pixel lineup gets it first before any other phones. When Google announced Android 16 earlier today, we didn’t know exactly which Pixel models would be able to get the Developer Preview. But Google just revealed which models can run Android 16, and two of them are a bit surprising.

Read more