At least two cheap Chinese brands caught with pre-loaded malware on their devices

It feels like we're seeing news about Android malware much more often these days, frequently in relation to Google's increasingly poor grip on Play Store apps' security. But more often than not, that type of malware comes from third parties with no real access to users' devices.

Not this time, though: according to researchers at Dr. Web, a particular Trojan strain named Triada has been discovered on several cheap, Chinese-made devices. The major difference, however, is that rather than infect users from the outside, Triada actually comes pre-installed on their devices. And since it comes loaded into a major Android system library, it has access to any application currently running on the phone.

As for the offenders, the researchers name four specific devices from two manufacturers: the Leagoo M5 Plus and M8, and the Nomu S10 and S20. Sure, neither of these companies is exactly a household name, but as of writing, all of the devices mentioned can still be freely purchased through Amazon. And seeing as ultra-cheap phones are often some of the best-selling devices on the site, this has serious implications for the end consumer.

In a similar case, U.S. phone maker Blu had its devices removed from Amazon's Prime exclusive program due to a recent report on their potentially risky data-sharing behavior. Blu, however, is publicly refuting these claims, and argues that its Chinese partner's data collection is intended for OTA update purposes only.

Dr. Web stops short of claiming Leagoo and Nomu are to blame for the malware, suggesting instead that individuals inside the respective companies or their partners are responsible. It has also reportedly notified the two manufacturers of the issue, and recommends that users install any future software updates. Regardless of who did it, though, the end result is the same: devices are getting sold pre-installed with malware.

source: Dr. Web via Neowin



8. charvi

Posts: 2; Member since: May 13, 2017

I am quite impressed by the camera of NOMU M8. How long until it comes out? It’s a long time for us rugged fans to wait for such a good phone.

6. L0n3n1nja

Posts: 1620; Member since: Jul 12, 2016

Happens with Windows computers/tablets as well. There's a reason to buy from a trusted name brand, and not some cheap knock-off company.

2. jeroome86

Posts: 2314; Member since: Apr 12, 2012

Good grief.

1. kiko007

Posts: 7525; Member since: Feb 17, 2016

I mean, what did you expect when buying cheap off-brand products?

3. PhoneCritic

Posts: 1382; Member since: Oct 05, 2011

Absolutely, and worst of all from unknown and disreputable Chinese manufacturers ("unknown": I did not say all Chinese brands are disreputable. Oppo, Hauwai, Xiamo < I know I spelled them all wrong) wanting to make a quick buck. PA, please: "Google's increasingly poor grip on Play Store apps' security." Really? Come on, this is happening in China, where Google, admiringly, refused to have the Communist government censor and wanted back doors to all Google services. Google was kicked out of China. Remember? They have no control in the region. Apple also has had its App Store and iCloud service invaded or hacked by malicious individuals or groups. But PA never writes "Apple's increasingly poor grip on the App Store's security." Be fair.

4. bucky

Posts: 3797; Member since: Sep 30, 2009

The iCloud stuff was guessed passwords... there is a pretty big difference there.

7. Crispin_Gatieza

Posts: 3201; Member since: Jan 23, 2014

It was guessed passwords because Apple said so or the affected parties? We may never know the truth because Apple isn't going to admit a security hole in their services and these celebs aren't about to announce to the world they're complete morons. I'm suspecting a bit of both. But if Jennifer Lawrence and the others are so stupid and careless with their passwords, why was it only their iCloud accounts that got hacked? Surely these hackers could tap into more critical accounts knowing their victims were such bubble-brains.

5. mikehunta727 unregistered

PA did write plenty of articles about when iCloud and Google accounts from that "iCloud celebgate" event got hacked. Actually, more Google accounts were hacked in celebgate than iCloud accounts.
