Skip to main content

Chinese malware found on U.S. government-subsidized phones

Cybersecurity firm, Malwarebytes says it has found pre-installed Chinese malware on some U.S. government-subsidized phones. The phones are offered to low-income families at significant discounts under the FCC’s Lifeline Assistance program that was first introduced three decades ago.

In particular, Malwarebytes has investigated an Android-based model dubbed the UMX U686CL that is being sold by Assurance Wireless, a subsidiary of Virgin Mobile. The phone is manufactured by a China-based company and is priced at $35 which also includes free calls, texts, and data.

The report claims the UMX U686CL came infested with two malware apps. One called Wireless Update was armed with unrestricted privileges and capable of installing apps in the background without any user consent. Being a system-level app, Malwarebytes says it is not possible to uninstall Wireless Update as it could adversely affect the rest of the phone’s functions.

Further, Malwarebytes discovered that Wireless Update was programmed under the same name as Adups, a Chinese company that has been caught in the past “collecting user data, creating backdoors for mobile devices and developing auto-installers.”

Adups was responsible for the massive 2016 Android breach which impacted over 700 million phones and prompted probes from Google as well as the Department of Homeland Security.

The second malware was deeply integrated within the Settings app which means removing it could render the entire phone inoperative. It housed a trojan called Hidden Ads that is configured to display ads even when you’re in other apps. Hidden Ads’ source code was riddled with encrypted Chinese characters, because of which Malwarebytes says it couldn’t pinpoint its exact purpose.

“As I have highlighted in this blog and blogs past, pre-installed malware continues to be a scourge for users of mobile devices. But now that there’s a mobile device available for purchase through a U.S. government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behavior by app development companies,” said Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes in a blog post.

Sprint has denied the allegations and in an email response, told Digital Trends that the company is “aware of this issue and in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware.”

FCC has declined to comment directly on the report and in a statement sent to Digital Trends over email added that “the FCC is not the “provider” of the service. Through the Lifeline program, the FCC funds voice and broadband service to qualifying Lifeline consumers but we do not provide the service ourselves. Lifeline funds do not support the cost of the handset or any other end-user device.”

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
The Pixel 7’s best camera trick is coming to the iPhone and all Android phones
Erasing items in Magic Eraser.

The Google Pixel series of phones, specifically the Pixel 6 and Pixel 7, have an exclusive feature called Magic Eraser. With Magic Eraser, you can get rid of unwanted objects in a photo, such as people in the background or things like power lines. As of today, Magic Eraser is becoming available to all Android phones and iPhone users through Google One.

Magic Eraser debuted on the Pixel 6 lineup, which includes the Pixel 6, Pixel 6 Pro, and the more affordable Pixel 6a, which is still available to purchase (the Pixel 6 and 6 Pro have been discontinued). If you have a Pixel 7 or Pixel 7 Pro, you also have the Magic Eraser feature. One of the reasons I had always wanted a Pixel device is because of Magic Eraser, and it is something that I desperately wished Apple would implement.

Read more
Samsung brings the Galaxy S23’s new software to older phones
Android 13 logo on the Samsung Galaxy S23 Ultra.

Samsung this week announced that it will be rolling out its latest One UI 5.1 software to current Galaxy devices, including the Galaxy S22, Galaxy Z Fold 4, and Galaxy Z Flip 4 lineups. The company debuted the Android 13-powered One UI 5.1 update on the Galaxy S23 Ultra this month, and it's bringing those extra features to general users.

“One UI 5.1 is the up-to-date example of Samsung’s commitment to providing Galaxy users with the latest innovations as soon as possible,”  Samsung's Janghyun Yoon said in a blog post. “Over the past several weeks, we have worked closely with our service providers and carrier partners to bring One UI 5.1 to current Galaxy smartphones and tablets around the world within a few short weeks of the Galaxy S23 series announcement.”

Read more
We have the Vivo X90 Pro, one of 2023’s most interesting Android phones
The Vivo X90 Pro held in a person's hand.

The Vivo X90 Pro has arrived, in preparation for our review. If you're not familiar with Vivo, it's part of the same tech empire as OnePlus, Realme, and Oppo — but it's not as closely related as those three are in terms of software, design, and partnerships. It's Vivo's partnership with Zeiss, in addition to a wider global launch for the X90 Pro, that has us intrigued.

Vivo and Zeiss have worked together on smartphone cameras since 2020, with the Vivo X60 Pro and X60 Pro Plus the first devices to come from the partnership. According to Zeiss, the pair work together not on just one component or software feature, but across the entire imaging experience, with the intention of assuring quality throughout. Zeiss doesn’t make cameras, but rather optics for cameras, so it’s different from partnerships like OnePlus and Hasselblad’s, where the focus is software.

Read more