US government-funded smartphones are shipping with pre-installed malware

Polycount

TS Evangelist
Staff member

The program certainly has the potential to do a lot of good for low-income families, but as is the case with many "free" offers, there appears to be a catch for some. According to a new report from antivirus software maker Malwarebytes, one specific Lifeline Assistance phone model, the UMX U686CL, has some nasty surprises hidden within.

The phone is being sold by Assurance Wireless, a US-funded offshoot of Virgin Mobile, and it allegedly contains unremovable pre-installed malware. Malwarebytes first discovered this information in October 2019, when it began to receive numerous malicious app complaints from owners of the device.

To verify these claims, Malwarebytes purchased a UMX U686CL for itself, and their findings were worrisome, to say the least. The first problematic discovery was a pre-installed app called "Wireless Update," which has been classified as "Android/PUP.Riskware.Autoins.Fota.fbcvd."

Wireless Update reportedly begins auto-installing apps (without user consent) from the moment the UMX U686CL is booted up for the first time. Malwarebytes says the apps installed by Wireless Update are not harmful by themselves, but any app that auto-installs other software without so much as informing users has the potential to be shady down the line.

In addition to Wireless Update, Malwarebytes found that the UMX U686CL's Settings menu is actually a "heavily-obfuscated piece of malware" known as a "Trojan Dropper" (Android/Trojan.Dropper.Agent.UMX, specifically).

A quick look through Malwarebytes' virus database offers the following definition for the malware:

Android/Trojan.Dropper is a malicious app that contains additional malicious app(s) within its payload. The Android/Trojan.Dropper will install the additional malicious app(s) onto an infected mobile device.

On the Android OS, most often the malicious app(s) to be dropped is/are contained within the Android/Trojan.Dropper's Assets Directory. The Assets Directory is an optional directory that can be added to an APK to store raw asset files. In the case of a Mobile Trojan Dropper, it contains a malicious APK(s) to be dropped and installed.

In the case of the UMX U686CL's sketchy Settings app, the malicious payload comes in the form of "Android/Trojan.HiddenAds." Another quick scan through Malwarebytes documentation doesn't reveal any information on this specific piece of malware, but similar variants, such as "Android/Trojan.HiddenAds.BiRa," allegedly display "annoying" full-screen ads on the host device's lock screen.

Malwarebytes believes this malware is Chinese in origin, due to the "Chinese characters" used for variable names within its code. However, one commenter countered this claim by pointing out that these characters are not Chinese, but instead Unicode characters that aren't being displayed properly. The code in question can be seen below:

Regardless of the malware's origin, its existence is still troublesome, and the problems it presents may not be ones the average user can solve.

"Although we do have a way to uninstall pre-installed apps for current Malwarebytes users, doing so on the UMX has consequences," Malwarebytes claims. "Uninstall Wireless Update, and you could be missing out on critical updates for the OS. We think that's worth the tradeoff, and suggest doing so. But uninstall the Settings app, and you just made yourself a pricey paper weight.

The company has provided users with a potential method for "remediating" this sort of "essential" malware, but it's not easy, and it might not work for everybody.

Malwarebytes has reached out to Assurance Wireless for an explanation on this matter, but the antivirus company received no response. We will also be attempting to contact Assurance Wireless ourselves, and we'll update this article if we receive a reply (though it's a bit unlikely).

Permalink to story.

 

Uncle Al

TS Evangelist
No doubt that anything from the government is going to have it's fair share of loopholes and woe are those that don't take the time to read that painfully dry documentation that comes with the product (it's all in there, buried). There is a method to the madness, but if they bothered to explain the "why" the program would not do as well as it does. Basic lesson, ALWAYS reset the phone and then take the time to weed out all the "junk" that you don't need .... convenience is no guarantee for privacy.
 
  • Like
Reactions: learninmypc

Squid Surprise

TS Evangelist
Basic lesson, ALWAYS reset the phone and then take the time to weed out all the "junk" that you don't need .... convenience is no guarantee for privacy.
This one is tougher though - you can't just reset it as the malware is embedded into the OS itself. If you uninstall the Malware, you have a paperweight.... Looks like this phone is simply a hard pass... When you get something for free (or $35 in this case), you often get what you pay for...
 
  • Like
Reactions: Charles Olson

Lamoismynamo

TS Rookie
I feel vindicated! I have been calling my UMX a Chinese Spy Phone since I received it. Because it has been turning itself on as well as displaying all the annoying crap. I have joked that the only thing I can do with it is to leave it across the room, upside down, under a pile of clothes with a dead battery in order to keep it from turning on by itself.
 

Lamoismynamo

TS Rookie
Assurance also says you have to turn it on at least once a month and make a phone call or send a text in order to keep the free service.
My UMX Chinese Spy Phone has not been turned on in half a year. Yet, I still have the freebee service.
It makes me wonder why they insist it must be used...
 

rrwards

TS Addict
"In a statement to ZDNet, Assurance Wireless said they "are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware."

In a shocking (not really) twist, Assurance Wireless doesn't think it's a problem.
 
  • Like
Reactions: Charles Olson

BadThad

TS Addict
One of many reasons for not accepting ANYTHING "free" from the government. These "Obama phones" are nothing except a waste of taxpayer money. The more things the government gives people, the more freedom we lose!
 
  • Like
Reactions: dms96960

Ravalo

TS Addict
I think you can get a fully functional smartphone with android 8.1 go for around 40-50$ where I live
obviously with no malware preinstalled
 
Last edited:
  • Like
Reactions: wiyosaya

wiyosaya

TS Evangelist
To me, though I do not usually say this, the title is definitely click-bait. Why? There is no indication in the story that the crap installed by the pre-installed crap apps is by, or has anything to do with, the government. The crap is displaying ads - not political propaganda or political ads.

IMO, what this sounds like is that the government funding may fall far short of how much the phone costs and that the manufacturer is attempting to make up the cost difference so that they can actually make a profit on the phone instead of the far more likely losing money on the phone. IMO, the US government is too cheap to give away phones to anyone. If the government is giving anything at all to the manufacturer to cover the cost of the phone, it is likely to be pennies on the dollar at best.
 
  • Like
Reactions: Capaill

Capaill

TS Evangelist
To me, though I do not usually say this, the title is definitely click-bait. Why? There is no indication in the story that the crap installed by the pre-installed crap apps is by, or has anything to do with, the government. The crap is displaying ads - not political propaganda or political ads.
Yup, I agree. The article is all Malware, Malware, Malware, Trojan .... ads. So basically the only thing currently bad on the phone is ads which are common on any free app. Sure, there are opportunities there to install something worse but they are not there yet. Much ado about nothing (for now).
 
  • Like
Reactions: wiyosaya

Evernessince

TS Evangelist
One of many reasons for not accepting ANYTHING "free" from the government. These "Obama phones" are nothing except a waste of taxpayer money. The more things the government gives people, the more freedom we lose!
Nothing is free, in the end Americans are paying for this. That's why it's American's jobs to demand responsibility for things like this. A government is a reflection of it's people. I always see people complaining about the government but a majority of them don't even vote, much less formally complain. It is amazing to me that they don't see they are part of the problem.

"The more things the government gives people, the more freedom we lose!"

Just like last time you posted, you certainly do like making hyperbolic statements without providing anything to back them up. Not that anyone could back a statement like this up.
 

Bullwinkle M

TS Addict
I always see people complaining about the government but a majority of them don't even vote, much less formally complain. It is amazing to me that they don't see they are part of the problem.
How wrong could you possibly be?

The MAJORITY of Americans did not want Trump or Clinton for President

They voted for neither by not voting!

Did they get what they voted for?

Of those who DID vote, the majority voted for Clinton

Did they get what they voted for?

A tiny minority has decided upon themselves to ignore what the people want and make their own rules

Is that what you voted for?
 
  • Like
Reactions: Charles Olson

Evernessince

TS Evangelist
How wrong could you possibly be?

The MAJORITY of Americans did not want Trump or Clinton for President

They voted for neither by not voting!

Did they get what they voted for?

Of those who DID vote, the majority voted for Clinton

Did they get what they voted for?

A tiny minority has decided upon themselves to ignore what the people want and make their own rules

Is that what you voted for?
What's with people and hyperbolic comments today.

Voter apathy and the way America's voting system works are two completely different issues. I'm not going to deny that the way votes are counted is anywhere near perfect but that is not the topic I was discussing. You are only serving to further conflate the conversion.
 

wiyosaya

TS Evangelist
Instead of arguing like schoolgirls with wet undergarments, try reading about the "Obama phones" and if they are, in fact, "Obama phones".
https://www.freegovernmentcellphones.net/faq/obama-phone
Yes, doing so helps to keep the facts straight by actually educating one's self before claiming something is true. For instance, quoted from that very site:
The cell phone distribution program did begin in 2008, the year Obama was elected president, but that is a coincidence. Let’s look more closely at the facts.
I get it. You are just keeping "The Facts" straight.
 
  • Like
Reactions: Charles Olson

summermick

TS Rookie
I think this is fake. I don't think it is possible in java or any programming language to define variable names in Chinese and either think any normal programmer would do that because it's too much work even to spell the whole word for programmers.
 
Last edited:
  • Like
Reactions: CharmsD

Bullwinkle M

TS Addict
What's with people and hyperbolic comments today.

Voter apathy and the way America's voting system works are two completely different issues. I'm not going to deny that the way votes are counted is anywhere near perfect but that is not the topic I was discussing. You are only serving to further conflate the conversion.
Voter apathy is directly due to the way America's phoney voting sytem works!

It's the same issue

The majority does not want Trump OR Clinton, but they are not listening

Are YOU?
 

PEnnn

TS Maniac
One of many reasons for not accepting ANYTHING "free" from the government. These "Obama phones" are nothing except a waste of taxpayer money. The more things the government gives people, the more freedom we lose!
Were you asleep the last 4 years and just woke up??
 
  • Like
Reactions: Charles Olson

Yynxs

TS Maniac
Voter apathy is directly due to the way America's phoney voting sytem works!

It's the same issue

The majority does not want Trump OR Clinton, but they are not listening

Are YOU?
Voter apathy is due to politicians staying and going and never any change in the government.
Majority is what causes tyranny. The majority of the people just wants to be left alone and not be responsible for their government as long as the government lets them alone.

The US Republic is advanced Democracy, not simple majority, and as the governments of Canada, UK, Germany, and most of Europe show, a simple majority rule does not mean 51+ percent of the population wants the same thing. Voter fragmentation caused coalitions does not mean good government either.

You will believe what you want to believe, but the US Republic retains a stable government representation for a minimum of two years and a stable leadership for four years. The Founders designed it this way and it works.

The reason for the continuous griping about the last leadership change is a case of the tyranny of the minority (causing votes of no confidence elsewhere) which did not and does not want to wait for the voters because they are not controlling the message anymore.

Statements about who the majority wants and 'voter apathy' should be held until the 2020 election is completed. The proof is in the pudding and sweeping statements of "I told you so" can be made then.
 
  • Like
Reactions: Charles Olson