Malware that signed users up to subscription services without their permission has been found on thousands of Chinese mobile devices sold in Africa.
Xiaomi, Huawei, Lenovo, UMX, ANS, Infinix, and Tecno phones have all been found to have built-in malware that steals money, data, and users’ information. The malware is pre-installed and extremely difficult, sometimes impossible, to remove.
Cheap Chinese smartphones are particularly popular in developing countries with high poverty rates. The desire to access the internet without spending months’ worth of wages on a Samsung or Apple phone drives sales of Chinese-made phones, particularly in Africa.
Anti-fraud firm Upstream found the malicious code on the majority of Tecno, Infinix, UMX, and ANS mobiles sold in Ethiopia, Cameroon, Egypt, Ghana, and South Africa.
Similar malware was also found on Lenovo, Xiaomi, and Huawei phones, but with less prevalence than the cheaper versions manufactured by Transsion Holdings, the third-largest manufacturer of phones in the world and the largest in Africa.
Upstream said Transsion Holdings was taking advantage of the “most vulnerable,” as Chinese phones are often cheaper than Japanese, South Korean, or US-made phones. Tecno phones are sold in Africa for less than $30 or EGP 430.
Transsion Holdings has made a statement saying that the malware was added without its knowledge and that it will assist customers with removing the malware. However, Transsion said the problem was resolved in 2018, a claim that runs counter to the findings of the recent Upstream report.
“The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against,” said Geoffrey Cleaves, head of Upstream’s Secure-D platform.
The Triada malware found by the firm on the Android smartphones installs malicious code known as xHelper, which then finds subscription services and submits fraudulent requests on behalf of users, invisibly and without their knowledge.
If the request is successful, it consumes pre-paid airtime, the only way to pay for digital services in many developing countries.
In total, Upstream found what it described as “suspicious activity” on more than 200,000 Tecno smartphones.
According to research firm IDC, Transsion Holdings is one of China’s leading phone manufacturers, and in Africa, it is the top-selling mobile manufacturer.
Phones manufactured by Transsion Holdings make up around 10% of the Egyptian mobile market, with Chinese-manufactured phones making up around 30% of the Egyptian market.
Transsion has said that users of these phones can download programs that will prevent the malware from overcharging them, but for many low-income users the issue is a frustrating problem that compounds their pre-existing poverty.
At the beginning of the year, security firm Malwarebytes warned that similar pre-installed apps were found on another Chinese-made Android phone – the UMX U686CL and ANS mobile devices. These phones were offered to low-income families in the USA in a governmental program to make sure low-income families had access to a smartphone.
And in 2016, researcher Ryan Johnson found that more than 700 million Android smartphones had malware installed; the smartphones that had the malware include more popular brands like Huawei and Xiaomi.
Google, which developed the Android operating system, stated that it is aware of the issue, adding that there is very little it can do to combat it.
Owners of these phones were encouraged to download anti-malware programs to scan their phones’ operating systems and see whether the malware is installed.