The Unimax UMX U686CL is a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile has been found to come pre-loaded with two malicious applications.
Malwarebytes researchers found the malware every owner finds on their phone is Wireless Update and amazingly the device’s own Settings app, neither of which can be removed from the phone or it will not operate properly.
Nathan Collier, Malwarebytes senior malware intelligence analyst, said settings functions as a heavily obfuscated trojan dropper detected as Android/Trojan.Dropper.Agent.UMX. After being installed one of the first pieces of malware dropped is HiddenAds.
The Malwarebytes team was able to witness this first-hand as the UMX U686CL it bought as a test bed was soon infected with HiddenAd adware. Malwarebytes reported the adware runs silently in the background, creates no icon and the only way to tell it is functioning is through device’s notifications bar area. Unlike a typical notification, it cannot be turned off or removed by swiping, instead an uninstall process must be undertaken.
“If you press and hold the notification, it will give the option to go to MORE SETTINGS. After clicking MORE SETTINGS, it will take you to the app’s notification settings. From there, press the app’s icon at the top. Lastly, it will take you to the app’s App info, where you can uninstall,” wrote Collier.
HiddenAd has been operating in the wild since spring 2019, but reports of malicious activity began climing in October 2019.
Wireless Update is the device’s primary method of receiving operating system updates, but Collier noted it also has the ability to auto-install apps without the user’s permission. Something it begins to do immediately upon activation.
Wireless Update is a variant of the previously known Adups, a Chinese company that has been caught collecting data and installing auto installers.
“While the apps it installs are initially clean and free of malware, it’s important to note that these apps are added to the device with zero notification or permission required from the user. This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time,” he said.
The most nefarious aspect of these two apps is they cannot be removed from the phone without disrupting operations. Pulling Wireless Update would halt any OS updates from being downloaded, a risk Collier said is worth taking, but Settings has to be left on board as its removal would destroy the phone.
The UMX U686CL is an entry level phone distributed by Assurance Wireless, a federally subsidized through the Universal Service Fund and only to people who qualify based on federal or state-specific eligibility criteria. This includes being on certain public assistance programs, like Medicaid, Supplemental Nutrition Assistance Program or on your household income.