28 Android Phones, Including Lenovos, Have Factory Malware

News
By Andrew E. Freedman
published

At least 28 Android phones, including two Lenovo models, come preinstalled with malware that downloads apps without the user's permission.

Researchers at Russian antivirus maker Doctor Web have determined that at least 28 Android devices, including two Lenovo models, ship from the factory with preinstalled malware that downloads for malware, adware and other suspicious programs without the user's permission.

Credit: Borysevych.com/Shutterstock

(Image credit: Borysevych.com/Shutterstock)

The malware, Android.DownLoader.473.origin, was found embedded in the firmware on 26 off-brand phones, although the true number of affected devices may be even larger. The malware downloads and installs more apps when the device uses Wi-Fi to connect to the internet. One of the secondary apps, called H5GameCenter, runs ads on top of applications. To make it even more annoying, the downloader will reinstall an app if you uninstall it.

A second adware Trojan, Android.Sprovider.7, was found to infect Lenovo's low-end A319 and midrange A6000. This downloader also installs unwanted programs, and displays ads over other apps. It also creates a shortcut on the home-screen status bar and can make calls to phone numbers.

MORE: Best Android Antivirus Apps

Per Doctor Web, the known infected models are:

  • MegaFon Login 4 LTE
  • Irbis TZ85
  • Irbis TX97
  • Irbis TZ43
  • Bravis NB85
  • Bravis NB105
  • SUPRA M72KG
  • SUPRA M729G
  • SUPRA V2N10
  • Pixus Touch 7.85 3G
  • Itell K3300
  • General Satellite GS700
  • Digma Plane 9.7 3G
  • Nomi C07000
  • Prestigio MultiPad Wize 3021 3G
  • Prestigio MultiPad PMT5001 3G
  • Optima 10.1 3G TT1040MG
  • Marshal ME-711
  • 7 MID
  • Explay Imperium 8
  • Perfeo 9032_3G
  • Ritmix RMD-1121
  • Oysters T72HM 3G
  • Irbis tz70
  • Irbis tz56
  • Jeka JK103

"[C]ybercriminals generate their income by increasing application download statistics and by distributing advertising software," the Doctor Web researchers wrote. "Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users."

The researchers also wrote that manufacturers have been notified.

It's notable that Lenovo, a big-name manufacturer, is afffected. But we've seen other known brands, such as Xiaomi, release phones with malware before. And as we've recommended before, stop buying cheap Chinese handsets -- it's not uncommon to find malware on them right out of the box.

Andrew E. Freedman
Andrew E. Freedman

Andrew E. Freedman is an editor at Tom's Hardware focusing on laptops, desktops and gaming as well as keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag, Complex, Tom's Guide and Laptop Mag among others.