Low-end Android phones come with malware in up-and-coming markets
Software developer Upstream Systems conducted an investigation after its platform, Secure-D, which mobile network operators use to prevent online transaction fraud, detected unusual activity from specific devices, mostly in Brazil and Myanmar. In Myanmar, the device is called "Smart 12 4G Super Star", while in Brazil it is the "Multilaser MS50s". Both phones most likely have the same manufacturer but are branded differently by the carriers.
The app responsible for the activity is called com.rock.gota, but for users checking their installed apps it shows as "Software Update" or "Mobile Care". It comes preinstalled and can't be uninstalled by users. The malware was attempting to connect to servers in Singapore that were traced back to Gmobi, a Chinese company that provides a "performance-based ad platform" and other services, including Firmware-Over-The-Air. Some manufacturers use third-party software for their firmware updates instead of Google's, which explains how the software found its way onto the devices.
According to the report, the app is responsible for the following malicious activities:
- Collecting and sending personal information such as email, GPS location, device details and others
- Using the user's mobile data to access ads, generating false hits. This generates revenue for the owner of the app, without the advertiser actually receiving what they've paid for.
- Attempting fraudulent transactions and charges to the user's prepaid airtime.
In developing markets, where cheap Android devices are sold the most, a lot of people rely on prepaid plans to have better control over their usage. The malware can quickly rack up charges and consume valuable data allowance. Making matters worse, customers using such devices are rarely tech-savvy enough to even notice the suspicious behavior before it's too late.
The app was detected in more than 8 countries, all of which are considered emerging mobile markets. Those countries often still lack strict regulations when it comes to carriers and phone manufacturers, which makes it almost impossible for users to seek redress.
While this may not directly concern you, it should serve as a reminder to be vigilant about the software you install on your devices and the permissions apps request.
source: Upstream Systems via AndroidGuys