Certain Android phones (including some from ZTE) have malware pre-installed at the firmware level

by Alan Friedman / May 24, 2018, 11:20 PM

Cosiloon displays unwanted ads over an Android user's browser

According to a report published by Avast Threat Labs, several hundred Android handsets made by ZTE, Archos and myPhone come pre-installed with malware called "Cosiloon." The malware displays an ad in the form of an overlay on the user's default browser. And since it is installed on the firmware level, it is very hard to remove. The good news is that most of these phones are not used by U.S. consumers as they are not certified by Google, and are powered by MediaTek chipsets.

That's not to say that the U.S. is totally free of "Cosiloon." Avast says that in the past month it has found it installed on 18,000 devices used by Avast users in countries like Russia, Italy, Germany, the U.K., and yes, the U.S. In fact, the malware has been spotted in over 100 countries.

Avast has spoken with Google about "Cosiloon" and the company has been able to reduce the capabilities of the malware on several models. To make sure that there is some kind of protection in the future, Google Play Protect has been updated. And Google has spoken with developers to inform them of the problem, and to motivate them to come up with ways to combat this malware.

source: AdvastThreatLabs

Options

18 Comments

1. cncrim

Posts: 1535; Member since: Aug 15, 2011

Conspiracy theory that chinese government could be behind ZTE phone spy on American citizen.... what for? Who knows. And that could be a reason why the ZTE phone is alot cheaper then other brand out there.

posted on May 24, 2018, 11:26 PM 5

2. Doakie

Posts: 2457; Member since: May 06, 2009

Meh. Having used ZTE phones and BLU phones which supposedly have malware on them I'm not going to lose any sleep over it. The govt is spying, Amazon is spying, Google is spying, Facebook is spying, everyone is spying, who is surprised anymore?

posted on May 24, 2018, 11:39 PM 10

3. Nine1Sickness

Posts: 896; Member since: Jan 30, 2011

Android users loves being spied on.

posted on May 25, 2018, 12:13 AM 4

8. iushnt

Posts: 3040; Member since: Feb 06, 2013

Since it’s indifferent in your daily life whether u r spied on or not.

posted on May 25, 2018, 2:01 AM 2

12. Leo_MC

Posts: 6141; Member since: Dec 02, 2011

Are you indifferent?

posted on May 25, 2018, 7:40 AM 0

9. Stranded87

Posts: 51; Member since: Sep 30, 2014

Yeah but adware (which this is) is actually annoying though

posted on May 25, 2018, 2:58 AM 1

4. path45th

Posts: 398; Member since: Sep 11, 2016

Cosiloon? Not a big deal. The Android itself is a malware that helps Google tracking everything.

posted on May 25, 2018, 12:51 AM 0

5. mootu

Posts: 1334; Member since: Mar 16, 2017

Google does track a lot of stuff, most of which you can turn off in Androids settings and you can delete almost everything from Googles servers just by requesting it. Apple track just as much but you don't have the option to stop that tracking or to delete it without deleting your full Apple Id.

posted on May 25, 2018, 1:13 AM 5

10. TMHKR

Posts: 202; Member since: Dec 08, 2012

Implying turning data collection off really turns it off...

posted on May 25, 2018, 6:17 AM 0

13. Leo_MC

You are simply wrong: iOS offers the user a high level of control over the privacy.

posted on May 25, 2018, 7:45 AM 0

6. Whitedot

Posts: 661; Member since: Sep 26, 2017

Ideealy you have to rush to the Play store and install avast imidietly. Right? :) For the purpose of article.

posted on May 25, 2018, 1:15 AM 0

7. vliang86

Posts: 337; Member since: Oct 05, 2015

Just pay more and get an iPhone, problem solved.

posted on May 25, 2018, 2:00 AM 0

15. TechSceptic

Posts: 1156; Member since: Feb 05, 2018

You could also buy a smartphone from a reputable Android brand, instead of these weird brands that i have never heard of. They don't even exist in Europe. If you simply avoid these 3 brands, then you have no issues. So generally speaking, you should probably spend a bit more money, instead of buying ridiculous cheap phones from these no-name companies.

posted on May 25, 2018, 10:05 AM 0

11. cmdacos

Posts: 3781; Member since: Nov 01, 2016

If you pay sub $400 for a phone, you get what you pay for.

posted on May 25, 2018, 7:01 AM 0

14. Ninetysix

Posts: 2931; Member since: Oct 08, 2012

Exactly! It's perfectly normal to have malware on 85% of Android's install base.

posted on May 25, 2018, 7:49 AM 0

17. isprobi

Posts: 797; Member since: May 30, 2011

I think it is more about a company's honesty than price. I recently bought my wife a new Sony Xperia XA2 Ultra for $370 and it is a nice Google certified phone.

posted on May 25, 2018, 1:08 PM 0

18. isprobi

Double post? I think it is more about a company's honesty than price. I recently bought my wife a new Sony Xperia XA2 Ultra for $370 and it is a nice Google certified phone.

16. isprobi

If you choose to buy a phone that is not Google certified you get what you get. Realizing that the people here on phonearena are probably more tech knowledgeable than the average phone buyer I do think Google should make it easier for consumers to know if a phone is certified. Maybe some type of official marking on the box that is not easily faked?