Security researchers have discovered malware pre-installed on a Chinese smartphone and designed to facilitate mobile ad fraud on a massive scale.
Upstream’s Secure-D Lab said it recorded 19.2 million suspicious transactions, which would have covertly signed up unsuspecting users to subscription services without their permission.
It traced them back to around 200,000 Transsion Tecno W2 handsets used mainly in Egypt, Ethiopia, South Africa, Cameroon and Ghana — although suspicious transactions were also detected in 14 other countries.
The security firm analyzed Tecno W2 handsets to find out more, and discovered that they had been pre-installed with Triada, a well-known backdoor and malware downloader. This in turn installed a Trojan known as xHelper onto compromised devices as soon as they connected to the internet, Secure-D explained.
“When xHelper components were found in the right environment and connected to Wi-Fi or 3G network (e.g. inside a South African network), they made queries to find new subscription targets, and then proceeded to make fraudulent subscription requests,” it continued.
“These happened automatically and without requiring a mobile phone operator’s approval. The investigation found evidence in the code that linked at least one of the xHelper components (‘com.mufc.umbtts’) to subscription fraud requests.”
The umbtts application was apparently capable of generating clicks on ad banners without users’ knowledge.
According to a Google investigation, Triada is the result of a vendor somewhere in the manufacturing supply chain placing it on device firmware, usually without the knowledge of developers or manufacturers.
Users of the device were urged to check for high data usage and unexpected charges.
“While Transsion may not have been aware of the malware when the devices were sold to consumers, they do suffer the consequences and negative press related to this issue,” argued KnowBe4 security awareness advocate Erich Kron.
“This is an example of how important it is to take supply chain security seriously, as something done by a supplier or business partner can seriously impact your brand or even lead to legal liabilities.”