Click Fraud Risk as Smartphone Discovered with Pre-Installed Malware


Level 73
Content Creator
Malware Hunter
Aug 17, 2014
Security researchers have discovered malware pre-installed on a Chinese smartphone and designed to facilitate mobile ad fraud on a massive scale.

Upstream’s Secure-D Lab said it recorded 19.2 million suspicious transactions, which would have covertly signed-up unsuspected users to subscription services without their permission.

It traced them back to around 200,000 Transsion Tecno W2 handsets used mainly in Egypt, Ethiopia, South Africa, Cameroon and Ghana — although suspicious transactions were also detected in 14 other countries.

The security firm analyzed Tecno W2 handsets to find out more, and discovered that they had been pre-installed with well-known backdoor and malware downloader Triada. This in turn installed a Trojan known as xHelper onto compromised devices as soon as they connect to the internet, Secure-D explained.

“When xHelper components were found in the right environment and connected to Wi-Fi or 3G network (e.g. inside a South African network), they made queries to find new subscription targets, and then proceeded to make fraudulent subscription requests,” it continued.

“These happened automatically and without requiring a mobile phone operator’s approval. The investigation found evidence in the code that linked at least one of the xHelper components (‘com.mufc.umbtts’) to subscription fraud requests.”