Certain Android phones (including some from ZTE) have malware pre-installed at the firmware level

According to a report published by Avast Threat Labs, several hundred Android handsets made by ZTE, Archos and myPhone come pre-installed with malware called "Cosiloon." The malware displays an ad in the form of an overlay on the user's default browser. And since it is installed on the firmware level, it is very hard to remove. The good news is that most of these phones are not used by U.S. consumers as they are not certified by Google, and are powered by MediaTek chipsets.

That's not to say that the U.S. is totally free of "Cosiloon." Avast says that in the past month it has found it installed on 18,000 devices used by Avast users in countries like Russia, Italy, Germany, the U.K., and yes, the U.S. In fact, the malware has been spotted in over 100 countries.

Avast has spoken with Google about "Cosiloon" and the company has been able to reduce the capabilities of the malware on several models. To make sure that there is some kind of protection in the future, Google Play Protect has been updated. And Google has spoken with developers to inform them of the problem, and to motivate them to come up with ways to combat this malware.

source: AdvastThreatLabs