Some Alcatel phones were pre-installed with an app that carried malware

Some Alcatel phones were pre-installed with an app that carried malware
According to a report from Upstream, a mobile security firm (via CNET), a weather app pre-installed on certain Alcatel smartphones contained malware that would secretly subscribe owners of these handsets to premium phone numbers. The app, called "Weather Forecast-World Weather Accurate Radar," was not only pre-installed on Alcatel handsets, it also was offered on the Google Play Store; more than 10 million people installed the app on their Android phone

The most interesting part of this story is that the app was developed by Chinese phone manufacturer TCL. Yes, that's the same TCL that manufacturers handsets under the Alcatel, BlackBerry and Palm brands. And the malware was discovered when Upstream found a number of transaction attempts blocked by its security platform that were initiated by the Alcatel Pixi 4 and A3 Max handsets in Brazil and Malaysia. These transactions were for subscriptions to premium phone numbers.

Upstream says that its Secure-D security platform blocked 27 million subscription attempts generated by TCL's weather app. The company says had it not blocked these requests, consumers would have paid $1.5 million in bogus charges to their wireless provider. In addition, the app also collected information like a phone's unique IMEI number, email addresses and geographic locations and sent it to a server in China.

Eventually, the Wall Street Journal wrote a story about the app, and along with Upstream, contacted TCL and Google. The app has been removed from TCL handsets and from the Google Play Store. These stories are exactly the reason why the U.S. government is worried about smartphones and networking equipment coming from certain China based manufacturers.

FEATURED VIDEO

4 Comments

1. Subie

Posts: 2255; Member since: Aug 01, 2015

Alan, how can you write "the app was developed by Chinese phone manufacturer TCL", and then later write " And while there is no evidence that TCL is responsible"? That's a complete contradiction IMO, unless I'm reading it wrong...

3. Alan01

Posts: 561; Member since: Mar 21, 2012

There is no concrete evidence linking TCL with the malware even though it developed the app. Alan

2. markusinfinite

Posts: 71; Member since: Aug 05, 2016

Expected.

4. cjslman

Posts: 23; Member since: Aug 29, 2012

TCL is going to have a hard time explaining this... but I do find it very strange that a company as important/big as TCL would jeopardize their reputation on this kind of malware stuff.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.