IT Security Guru

Android Anguish

Some cheap Android phones come with pre-installed malware

by The Gurus
August 25, 2020
in Cyber Bites

It is well known that convenience breeds attack vectors in tech, and this is all the more true when considering cheap hardware. Unfortunately, the low price of cheap devices often comes at the expense of security. Pre-installed Triada and xhelper malware have so far carried out a total of 19.2 million suspicious transactions from over 200,000 used or newly purchased phones.

According to HackRead and Upstream’s security platform, the Chinese manufacturer Transsion makes low-cost Android smartphones riddled with pre-installed malware that signs unwitting users up to subscription services without their knowledge or permission. Security researchers intercepted fraudulent mobile transactions and activity in 14 other locations. But this is just a blip on the radar: in total, 19.2 million transactions were recorded from over 200,000 unique malware-riddled devices, both used and newly purchased.

Triada malware basically acts as a software backdoor. It can also deploy malicious code after receiving commands from a remote control server. In-depth analysis by researchers revealed that Triada also downloaded a second piece of malware called xhelper. The latter, without the user’s knowledge, deploys components that carry out click or subscription fraud campaigns. In this case, xhelper was discovered on 53,000 of Transsion’s Tecno W2 smartphones.

As technology becomes more advanced it will also become cheaper. However, it is up to consumers to ensure that they do not compromise on security, even for the sake of cheap tech.

Cybersecurity experts have noted the importance of securing all aspects of the tech supply chain. As Martin Jartelius, CSO, Outpost24 stated:

“Supply chain security is both extremely important and extremely hard, in this case in a manner we have not really encountered before, but the exact same threat we see manifest here is a threat organisations worldwide have to tackle whenever choosing a supplier, and thereby their entire supply chain. Sadly for those of us who cannot make very deep and detailed reviews, selecting a sufficiently large vendor to know that the brand damage and financial impact of causing such an incident will mean there are stronger drivers to protect against it is one of few options offered to us as individuals. This is not to state that going off brand is a problem or that all small manufacturers are a risk, in no way should this be the case, but the consequences for a larger vendor are of course more dire and impact their investments in preventing it.”

 

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Unfortunately, this is not the first time something like this has happened. What’s even more unfortunate, this affects the buyers of low-end smartphones in poorer countries, which are those that can least afford it and are likely less tech-savvy. 

If at all possible, I urge smartphone buyers to restrict their purchases to well-known vendors. Also, users should always immediately install reliable antivirus and anti-malware software that can identify and protect against malicious apps such as the Triada-related malware family. Also, always keep a close eye on bank accounts, credit card transactions, and mobile carrier accounts, to stay alert to any possible fraudulent transactions.

Phone makers such as Transsion should practice extreme care when selecting third-party SDKs and modules for use in their products, otherwise, we’ll continue to see smartphone manufacturers having malware placed on their products.”

 

Erich Kron, Security Awareness Advocate at KnowBe4:

“Pre-installed software on mobile devices and even traditional PCs and Laptops has been an issue for a long time and is usually only an annoyance. In this case, however, it has gone a step further and become malicious. Manufacturers of these devices pre-install software through paid agreements with other organisations. This allows the manufacturer to be able to offer the devices at a lower cost, or to increase their profit margins. This is similar to how, by selling your viewing information and serving ads, smart TVs can be less expensive to purchase than non-smart TVs (https://www.businessinsider.com/smart-tv-data-collection-advertising-2019-1).

In this case, the pre-loaded software was used maliciously to sign people up for subscriptions they did not want. While some of these subscriptions may not cost the consumer directly, it does use mobile data which is often a prepaid and limited commodity in the lower-end phone markets that were targeted by these devices. In addition, the malware that was installed could be used to install almost anything else to the phone, including banking trojans or other malware. To make matters worse, if the user resets the phone to defaults, because this is done from the factory, the malware is likely to be reinstalled along with the fresh operating system. This means removing it can be very difficult, especially for the consumer. 

While Transsion may not have been aware of the malware when the devices were sold to consumers, they do suffer the consequences and negative press related to this issue. This is an example of how important it is to take supply chain security seriously, as something done by a supplier or business partner can seriously impact your brand or even lead to legal liabilities.”
