Skip to main content

Chinese malware found on U.S. government-subsidized phones

Cybersecurity firm, Malwarebytes says it has found pre-installed Chinese malware on some U.S. government-subsidized phones. The phones are offered to low-income families at significant discounts under the FCC’s Lifeline Assistance program that was first introduced three decades ago.

In particular, Malwarebytes has investigated an Android-based model dubbed the UMX U686CL that is being sold by Assurance Wireless, a subsidiary of Virgin Mobile. The phone is manufactured by a China-based company and is priced at $35 which also includes free calls, texts, and data.

The report claims the UMX U686CL came infested with two malware apps. One called Wireless Update was armed with unrestricted privileges and capable of installing apps in the background without any user consent. Being a system-level app, Malwarebytes says it is not possible to uninstall Wireless Update as it could adversely affect the rest of the phone’s functions.

Further, Malwarebytes discovered that Wireless Update was programmed under the same name as Adups, a Chinese company that has been caught in the past “collecting user data, creating backdoors for mobile devices and developing auto-installers.”

Adups was responsible for the massive 2016 Android breach which impacted over 700 million phones and prompted probes from Google as well as the Department of Homeland Security.

The second malware was deeply integrated within the Settings app which means removing it could render the entire phone inoperative. It housed a trojan called Hidden Ads that is configured to display ads even when you’re in other apps. Hidden Ads’ source code was riddled with encrypted Chinese characters, because of which Malwarebytes says it couldn’t pinpoint its exact purpose.

“As I have highlighted in this blog and blogs past, pre-installed malware continues to be a scourge for users of mobile devices. But now that there’s a mobile device available for purchase through a U.S. government-funded program, this henceforth raises (or lowers, however you view it) the bar on bad behavior by app development companies,” said Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes in a blog post.

Sprint has denied the allegations and in an email response, told Digital Trends that the company is “aware of this issue and in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware.”

FCC has declined to comment directly on the report and in a statement sent to Digital Trends over email added that “the FCC is not the “provider” of the service. Through the Lifeline program, the FCC funds voice and broadband service to qualifying Lifeline consumers but we do not provide the service ourselves. Lifeline funds do not support the cost of the handset or any other end-user device.”

Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
I used the CMF Phone 1, and it’s 2024’s best smartphone bargain
A person holding the CMF Phone 1.

You’ve got to stick with me for a bit here, as there’s quite a lot of background to go through before we get to the meat of what makes this new Android phone such a bargain. The phone is the CMF Phone 1, and while you may never have heard of CMF, you will have heard of Nothing -- the company co-founded by Carl Pei of OnePlus fame. CMF’s full name is CMF by Nothing, and it's Nothing’s sub-brand responsible for very reasonably priced but little-known mobile products.

If, like me, you’ve barely paid CMF much attention (if any) until now, then it’s time to change that. Why? The CMF Phone 1 is the sub-brand’s first smartphone, and it’s quite simply the bargain of the year.
Shockingly good specs

Read more
Update your Google Pixel phone right now to fix a big security issue
A person holding the Google Pixel 8a

Google just rolled out its July security update for Pixel devices. While last month's Feature Drop added some cool features, like Gemini Nano on more devices, this month's update addresses a critical security vulnerability. So, if you have a Google Pixel device from the Pixel 5a and later with Android 14, make sure to update it as soon as possible.

What’s the critical security issue? It’s known as CVE–2024–31320, which Google says, under certain conditions, allows third-party apps (“3p”) to bypass user prompts. If you have seen this happening on your Pixel device, then you should be aware that it’s not a good thing to have. So make sure you grab the July security update ASAP.

Read more
Android 15 will give your phone an important new security feature
Android 15 logo on a Google Pixel 8.

Google is introducing a security feature in Android 15 to guard against "juice jacking" attacks, as reported by Android Authority, The new feature is currently being tested in the Android 15 beta.

Wondering what a "juice jacking" attack is? It describes an event where a hacker secretly sends data payloads to your device, should it have the ability to both charge and transfer data over the same USB connection. This includes most modern smartphones, and examples of hardware used for juice jacking include mobile charging stations. Should the attack be successful, hackers could compromise the device, wreak havoc, and endanger your privacy.

Read more