Security News > 2020 > January > Threat From Pre-Installed Malware on Android Phones is Growing
Update] Pre-installed malware on Android phones is a growing menace - so much that on Wednesday this week, Privacy International and around 50 other international NGOs sent an open letter to Google demanding a stop to the habit.
The pre-installed malware comprises a Wireless Update app detected by Malwarebytes as Android/PUP.Riskware.
UMX. "From the moment you log into the mobile device," say the Malwarebytes researchers, "Wireless Update starts auto-installing apps. To repeat: There is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own." While it is possible to uninstall this app - which could potentially be used to secretly download malware - the user could miss out on critical operating system updates.
Secondly, pre-installed apps should be subject to the same Google scrutiny as is applied to Play Store apps.
"One of the biggest issues today," he commented, "Is that with system apps like the aforementioned Settings app, there is no solution. You should be able to easily update/replace system level malware with legitimate versions, even if generic, found on Google Play.".
News URL
Related news
- New LianSpy malware hides by blocking Android security feature (source)
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)