Amazon Shipping Android Tablets with Pre-installed Trojan

A dangerous new Trojan, dubbed Cloudsota, has been found to be pre-installed on certain Android tablets being sold through Amazon and other major marketplaces.

According to researchers from the Cheetah Mobile Security Lab, the Cloudsota Trojan can install adware or malware on the devices and uninstall anti-virus applications silently. With root permission, it is also able to automatically open all installed applications. Furthermore, the Trojan can replace boot animation and wallpapers with ads, change the browser’s homepage and redirect searches to strange ad pages.

Over 30 tablet brands have been pre-loaded with the Trojan, among which the most severely affected are the no-brand tablets with Allwinner chips.

Cheetah Mobile said in an analysis that at least 17,233 infected tablets have been delivered to customers’ hands, in more than 153 affected countries, with Mexico, US and Turkey suffering the most. But this estimation is based on anonymous data collected by the company from its antivirus application; since many tablets are not protected by antivirus, the number may actually be significantly greater.

And worse, these tablets are still available on many online stores, including Amazon.

“A large number of customers have left comments on Amazon.com grumbling about the advertisements and popups,” Cheeta Mobile said. These tablets share some similarities that all of them are low-priced and manufactured by nameless small-scale workshops.”

Upon discovery, Cheetah Mobile reached out to Amazon to report users selling these infected tablets. It also notified companies involved whose products are found with pre-installed Trojans. “We advised those manufacturers to investigate their system firmware carefully, but unfortunately none have responded yet,” the firm said.

Consumers should beware no-name, cheap tablets for now. “This Trojan has existed for quite some time and victims have been consistently asking for help at Android forums like XDA, TechKnow and others,” researchers said. “While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.”

What’s Hot on Infosecurity Magazine?