Pre-installed malware discovered on Transsion phones

Pre-installed malware discovered on Transsion phones

Every year the news emerges of a malware that is stalking thousands of mobile devices through applications that deceive the good intentions of users (for example, in 2020 we met CovidLock ). However, no one would imagine that the phones would arrive from the factory with pre-installed malware, something that is happening with the manufacturer Transsion .

Transsion is a manufacturer of low-cost mobile devices that has a presence in several emerging territories, such is the case of the African continent where this serious problem has been discovered. In total , more than 19 million doubtful transactions have been found from countries such as Ghana, Egypt, Ethiopia, Cameroon and South Africa, in addition to Myanmar and Indonesia.

Transsion and a service subscription malware: Pre-installed malware discovered on Transsion phones

Transsion

Transsion includes malware on their phones

The investigation has been carried out by the security company Secure-D and published by the specialized site BuzzFeed News , all from detecting such high statistics of suspicious activities in the same type of Transsion phone model: Tecno W2 .

The company then acquired different phones and connected them to different mobile networks to confirm that they indeed arrived with a pre-installed malware called Triada. This, in turn, is responsible for installing a Trojan called xHelper that is capable of staying hidden on a device even after restoring it from the factory.

In this way, xHelper searches for subscription services or purchases that it can make according to the mobile network to which it is connected and thus it has already subscribed to unauthorized services or has made purchases not requested by users over about 200 thousand telephones on the African continent.

The person responsible for this scam to users does not seem to be the same manufacturer, but somehow the attackers have managed to infiltrate the malware into the SDKs that Transsion pre-installs to their phones . The brand has mentioned that the person responsible has not been identified but that it is part of the supply chain process and has also offered security updates for Triada in March 2018 and for xHelper at the end of 2019 (although it is up to the user to install them).

Leave a Reply

Your email address will not be published. Required fields are marked *