MalwareBytes Identifies 'Unremovable' Malware on US Government-Funded Phones

News
By
published

Offered by Assurance Wireless by Virgin. The settings app in its UMX U686CL phone is reported to be acting as a malicious Trojan.

(Image credit: Shutterstock)

MalwareBytes today revealed that Assurance Wireless by Virgin, which receives subsidies from the U.S. government to offer discounted cellular service to low-income Americans, sells an Android phone with "unremovable malware" installed.

The phone in question, the UMX U686CL, is said to cost just $35 from Assurance Wireless. (We couldn't find the device on the Assurance Wireless website, although we did find the UMX U683CL.) Assurance Wireless receives U.S. funds via the Lifeline program that offers discounted phone and broadband access to people who need it.

MalwareBytes said the UMX U686CL came with an app called "Wireless Update" pre-installed. Although the app does allow people to update the phone's software, it can also be used to install other apps without the owner's permission and MalwareBytes said it's actually a variant of the rightly maligned Adups software for Android.

Adups was criticized in 2016 and 2017 for secretly collecting user data via pre-installed apps that can't be removed without creating problems for the host device. In this case, Wireless Update is said to start installing apps the moment someone logs into the device, "with zero notification or permission required from the user."

But that's actually just the start of the UMX U686CL's problems. MalwareBytes said there's another piece of malware pre-installed on the device, and that one can't be removed without rendering the phone unusable. The company explained:

"It’s with great frustration that I must write about yet another unremovable pre-installed malicious app found on the UMX U686CL phone: the mobile device’s own Settings app functions as a heavily-obfuscated malware we detect as Android/Trojan.Dropper.Agent.UMX. Because the app serves as the dashboard from which settings are changed, removing it would leave the device unusable.

Android/Trojan.Dropper.Agent.UMX shares characteristics with two other variants of known mobile Trojan droppers. The first characteristic is that it uses the same receiver and service names. The receiver name ends with ALReceiver and the service name ends with ALAJobService. These names alone are too generic to make a solid correlation. But, coupled with the fact that the code is almost identical, and we can confidently confirm a match."

MalwareBytes noted that the UMX U686CL isn't the only budget smartphone that comes with malware pre-installed. The security company said it only expects that problem to get worse, too, and it's hard not to wonder how many of these devices escape scrutiny just because they're made for people without money to spare.

In its blog post, MalwareBytes said it "informed Assurance Wireless of our findings and asked them point blank why a US-funded mobile carrier is selling a mobile device infected with pre-installed malware," but it never heard back. Assurance Wireless doesn't appear to have commented after the report's publication, either.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

20 Comments Comment from the forums
  • mihen
    They are tracking you. The Lizard aliens are gonna take you through your Obama Phones.
    Reply
  • joeblowsmynose
    US Government: "Are we still not tracking everything, every single one of our citizens, says does and thinks yet?"

    CIA: "Well for middle and upper class its easy, because they all voluntarily use all the social media platforms on their phones that we collect data from, so we can track them individually, but lower class people don't have mobile phones because they can't affor..."
    US Government: "Well give them some damn phones then!"
    Reply
  • bit_user
    which receives subsidies from the U.S. government to offer discounted cellular service to low-income Americans
    Huh? The US government subsidizes cell phone service for the poor? Why is my BS detector acting up? I've never heard of such a thing.
    Reply
  • pgde
    The FEDERAL UNIVERSAL SERVICE FUND (FUSF) which is added to each phone's bill funds the low income program.
    Reply
  • bit_user
    pgde said:
    The FEDERAL UNIVERSAL SERVICE FUND (FUSF) which is added to each phone's bill funds the low income program.
    Huh. I wondered how that could've gotten through both Congress & the PotUS, any time in the past decade. But, I see that it happened more than two decades ago:

    The FCC established the fund in 1997 in compliance with the Telecommunications Act of 1996.
    https://en.wikipedia.org/wiki/Universal_Service_FundAlso, I forgot that the telecoms lobby probably backed it. They get practically whatever they want.
    Reply
  • joeblowsmynose
    bit_user said:
    Huh? The US government subsidizes cell phone service for the poor? Why is my BS detector acting up? I've never heard of such a thing.

    All you have to do is ask "is there any reason that the US gov't might be motivated to do this?" (give people phones with tracking malware) ... if the answer is "yes" then it probably is true.

    Wars are fought with information these days, and the "peace loving" masses are seen as the enemy these days just as much as after the Vietnam war. We all know the alphabet agencies are collecting all the data they can so as to gain or keep an upper hand in this info "war". So there is motivation.

    Or, it could be that the telcoms companies are doing it for their own "data collection reasons"(whatever that might be), or, the hardware the are peddling for this progam was implanted with the malware at the factory, in China or something, for their spying purposes.

    But considering the Gov't is specifically funding these specific phones, I'd say option one has decent chance of being true.
    Reply
  • King_V
    I'm putting my money on "current ultra-pro-business government allows it because its allowing telecoms to profit off the poor."
    Reply
  • joeblowsmynose
    King_V said:
    I'm putting my money on "current ultra-pro-business government allows it because its allowing telecoms to profit off the poor."

    I'm assuming the malware is there on purpose - specifically for this "project". I could be wrong, but I tend to be a bit cynical. :)
    Reply
  • bit_user
    joeblowsmynose said:
    All you have to do is ask "is there any reason that the US gov't might be motivated to do this?" (give people phones with tracking malware) ... if the answer is "yes" then it probably is true.
    That's very much how conspiracy theories get started. Conflict of interest does not imply collusion. It might give you cause to look for collusion, but it cannot be taken as proof.

    You also have to ask who else would benefit from this, such as the carrier, themselves.

    joeblowsmynose said:
    the "peace loving" masses are seen as the enemy these days just as much as after the Vietnam war.
    In the case of propaganda, they can very much be the weapons used to swing elections or otherwise influence public policy.

    joeblowsmynose said:
    We all know the alphabet agencies are collecting all the data they can so as to gain or keep an upper hand in this info "war". So there is motivation.
    No, we don't all know that. How do you "know" that? What is your evidence?

    joeblowsmynose said:
    Or, it could be that the telcoms companies are doing it for their own "data collection reasons"(whatever that might be), or, the hardware the are peddling for this progam was implanted with the malware at the factory, in China or something, for their spying purposes.
    IMO, these are most likely.

    Another possibility is that a hacker inserted the malware, possibly by attacking the systems of the cell phone carrier.
    Reply
  • joeblowsmynose
    bit_user said:
    That's very much how conspiracy theories get started. Conflict of interest does not imply collusion. It might give you cause to look for collusion, but it cannot be taken as proof.

    I never said it was proof, but it might be strongly supporting evidence. Every crime evaluation needs a component of "motivation".

    bit_user said:
    You also have to ask who else would benefit from this, such as the carrier, themselves.
    I did indeed include that possibility in my post, and also one of China spying, which you would easily believe, but somehow not believe that US spies on people? Interesting ...

    bit_user said:
    In the case of propaganda, they can very much be the weapons used to swing elections or otherwise influence public policy.
    And so the government just stands by and watches this "weaponized swinging"? Or does the "two party democratic" system have interest in trying to use people in the same way to swing votes with both info and disinfo campaigns. Is this not how US politics works? Are not poilitical "attack ads", often brimming with lies and disinfo, the "weaponization" of voters to meet the ends of the party's goals? Its the exact same strategy. Governments are just upset that others are now catching on to this manipulation strategy and also using it.

    If you have two hours, this guy is effing brilliant and he breaks down the use, but mostly abuse of information in this day in age. The guy really sees it and says it like it is ... the entire "information ecology" is almost exclusively used for manipulation these days, from individuals and their "social" interactions. all the way to whole countries and everything in between. (trust me I think you'll like this, its definitely geared toward more intelligent people)

    7LqaotiGWjQView: https://www.youtube.com/watch?v=7LqaotiGWjQ

    bit_user said:
    No, we don't all know that. How do you "know" that? What is your evidence?
    Let me help with that then ... https://en.wikipedia.org/wiki/Mass_surveillance_in_the_United_States
    Perhaps scrolling down there, the NSA's "Infiltration of smart phones" section might be of use. I find Wikipedia articles are often a heavily watered down version of reality, but this is a good start.

    An excerpt: "According to the document, the NSA has set up task forces assigned to several smartphone manufacturers and operating systems, including Apple Inc.'s iPhone and iOS operating system, as well as Google's Android mobile operating system. Similarly, Britain's GCHQ assigned a team to study and crack the BlackBerry. "
    There's literally hundreds of articles on the topic ...
    https://www.theverge.com/2019/10/8/20905678/fbi-violated-americans-privacy-rights-court-ruling-fisc-surveillance-nsa

    I think it was actually a US president that once said: "The grandest conspiracy of all, is one so unbelievable, that no one would ever believe it could be true" -- I'm not sure he if he was referring to some existing "conspiracy" scenario, or if it was guidance. Either way, interesting ... and a true sentiment.
    Reply