In this day and age, malware can often come across as an abused word. This is because every so often, you are bound to encounter it. More so when it comes to Android devices and their security.
However, every once in a while a research here and a discovery there come about that get our sensitive antenna’s up. Like the latest report from internet security firm Avast detailing multiple instances of malware being found pre-installed on hundreds of budget smartphones from both known and barely-known brands.
According to the Avast report, the malware, known as Cosiloon, coupled with other known attack methods identified by the researchers, mostly adware, affected users in as many as 90 countries with.
What is more alarming and saddening at the same time is that the exploits demonstrated by Avast researchers in their report had been captured by Dr Web‘s security analysts 2 years ago and no action had even been taken.
While, according to Avast’s report, the threat posed by the malware and adware in question has been lessened by its longevity (variations of it have been around for 4 years now) hence most security solutions, including Google’s own Play Protect, have been able to neutralize it to some extent, and some of the remote servers have since shuttered, some components are still able to install applications without users’ permissions, take over device displays to show ads and, of course, transmit sensitive user data like MAC addresses and IMEI numbers to their benefactors abroad.
At least 18,000 devices were identified by Avast as having the adware in the last one month alone.
Some of the devices and their makers are identified in a document that Avast has included in its report and the names there are damning. There’s a ZTE device with the MT6735 MediaTek processor, for instance, and the Chinese device maker’s Blade E7T tablet which sold in Zimbabwe for just under Kshs 15,000.
A brand that some Kenyans may identify with because its devices have been on sale in the local market for a while now, Prestigio, also has several devices making the cut. As does West African darling Archos, the maker of a once-popular Android media player app and a renown French mobile device brand.
The common denominator to all the identified infected devices appears to be that they are all powered by chipsets from Taiwanese maker MediaTek. MediaTek-powered devices were recently identified by another study as making up the majority of devices that were missing out on security patches due in part to the lack of fixes from their maker. As most of the identified devices are dirt-cheap, their final pricing is as a result of internal components also being, well, cheap. And therein lies the problem.
Being an Avast study, this means the numbers are just limited to the security firm’s user base since that is the only one who’s data it is able to properly obtain and analyze. Where does that leave us? It means that even more could be affected and there could be lots of undocumented instances of the same adware elsewhere which is even more scary and alarming given the massive threats posed by such. More so when it comes to harvesting sensitive user data which is this day and age’s most valuable currency.
The other bit is that since Avast is a security company selling its wares on and off the internet like any other, such reports will always include riders meant to direct users to their publisher’s own security solutions so it is always advisable to take anything they say with a pinch of salt. The good thing is that even them, in their statement, admit that Google Play Protect, whose song I have been singing for a while, helps in this situation.