Many cheap Android smartphones are 'promotional' codes for users

Avast has discovered a kind of malware called Cosiloon that is included in many cheap Android phones that are not certified by Google.

This malware will display ads for operating system applications, enticing users to download. Affected smartphones from ZTE, Archos and myPhone.

This malware contains:

1. A dropper (a malicious program in the / system partition designed to "install" some types of viruses) is only displayed in the list of system apps in Settings. This Dropper has 2 different names 'CrashService' and 'ImeMess'.
2. A payload (a code that runs on the victim's computer, used to perform certain activities, or is used to connect to an attacker's machine) is downloaded from a website.

Avast said: " The XML file contains information regarding what to download, which services to start, and contains a whitelist to exclude specific countries and devices from being affected." But Avast only saw a few devices that were included in this list in the early versions, and the countries never appeared, and now Cosiloon's entire URL is programmed hard into the APK file. No device or country is excluded.

Dropper is part of the system firmware and the user is not easy to remove it.

See more:

1. Warning: New malicious code is infecting about 500,000 router devices
2. Top 12 most dangerous backdoor in computer history
3. 7 kinds of ransomware you didn't expect