Certain Android phones (including some from ZTE) have malware pre-installed at the firmware level

According to a report published by Avast Threat Labs, several hundred Android handsets made by ZTE, Archos and myPhone come pre-installed with malware called "Cosiloon." The malware displays an ad in the form of an overlay on the user's default browser. And since it is installed on the firmware level, it is very hard to remove. The good news is that most of these phones are not used by U.S. consumers as they are not certified by Google, and are powered by MediaTek chipsets.

That's not to say that the U.S. is totally free of "Cosiloon." Avast says that in the past month it has found it installed on 18,000 devices used by Avast users in countries like Russia, Italy, Germany, the U.K., and yes, the U.S. In fact, the malware has been spotted in over 100 countries.

Avast has spoken with Google about "Cosiloon" and the company has been able to reduce the capabilities of the malware on several models. To make sure that there is some kind of protection in the future, Google Play Protect has been updated. And Google has spoken with developers to inform them of the problem, and to motivate them to come up with ways to combat this malware.



1. cncrim

Posts: 1588; Member since: Aug 15, 2011

Conspiracy theory that chinese government could be behind ZTE phone spy on American citizen.... what for? Who knows. And that could be a reason why the ZTE phone is alot cheaper then other brand out there.

2. Doakie

Posts: 2478; Member since: May 06, 2009

Meh. Having used ZTE phones and BLU phones which supposedly have malware on them I'm not going to lose any sleep over it. The govt is spying, Amazon is spying, Google is spying, Facebook is spying, everyone is spying, who is surprised anymore?

3. Nine1Sickness

Posts: 896; Member since: Jan 30, 2011

Android users loves being spied on.

8. iushnt

Posts: 3122; Member since: Feb 06, 2013

Since it’s indifferent in your daily life whether u r spied on or not.

9. Stranded87

Posts: 53; Member since: Sep 30, 2014

Yeah but adware (which this is) is actually annoying though

4. path45th

Posts: 406; Member since: Sep 11, 2016

Cosiloon? Not a big deal. The Android itself is a malware that helps Google tracking everything.

5. mootu

Posts: 1527; Member since: Mar 16, 2017

Google does track a lot of stuff, most of which you can turn off in Androids settings and you can delete almost everything from Googles servers just by requesting it. Apple track just as much but you don't have the option to stop that tracking or to delete it without deleting your full Apple Id.


Posts: 202; Member since: Dec 08, 2012

Implying turning data collection off really turns it off...

6. Whitedot

Posts: 825; Member since: Sep 26, 2017

Ideealy you have to rush to the Play store and install avast imidietly. Right? :) For the purpose of article.

7. vliang86

Posts: 337; Member since: Oct 05, 2015

Just pay more and get an iPhone, problem solved.

15. TechSceptic

Posts: 1156; Member since: Feb 05, 2018

You could also buy a smartphone from a reputable Android brand, instead of these weird brands that i have never heard of. They don't even exist in Europe. If you simply avoid these 3 brands, then you have no issues. So generally speaking, you should probably spend a bit more money, instead of buying ridiculous cheap phones from these no-name companies.

11. cmdacos

Posts: 4260; Member since: Nov 01, 2016

If you pay sub $400 for a phone, you get what you pay for.

14. Ninetysix

Posts: 2965; Member since: Oct 08, 2012

Exactly! It's perfectly normal to have malware on 85% of Android's install base.

17. isprobi

Posts: 797; Member since: May 30, 2011

I think it is more about a company's honesty than price. I recently bought my wife a new Sony Xperia XA2 Ultra for $370 and it is a nice Google certified phone.

18. isprobi

Posts: 797; Member since: May 30, 2011

Double post? I think it is more about a company's honesty than price. I recently bought my wife a new Sony Xperia XA2 Ultra for $370 and it is a nice Google certified phone.

16. isprobi

Posts: 797; Member since: May 30, 2011

If you choose to buy a phone that is not Google certified you get what you get. Realizing that the people here on phonearena are probably more tech knowledgeable than the average phone buyer I do think Google should make it easier for consumers to know if a phone is certified. Maybe some type of official marking on the box that is not easily faked?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.