Mobile phones offered to low-income families via a US government scheme come preloaded with Chinese malware, according to a security company.
Malwarebytes said it had received several complaints that pre-installed apps on the phone were malicious. It had bought one to verify the claims and informed the company selling them, Assurance Wireless, of its findings but had not received a response, it said. The Android-based phone - UMX U686CL - is made by a Chinese company.
BBC News has contacted Virgin Mobile - which owns Assurance Wireless - for comment but has not yet received a response. One of the pre-installed apps, which looks and operates as a wireless update program, automatically installs more apps without user consent, according to Malwarebytes. And it appears to be a variant of Adups, malware previously traced to China, which transmits text, call-location and app data to a Chinese server every 72 hours. In 2016, researcher Ryan Johnson, of security company Kryptowire, found more than 700 million Android smartphones, including some in the US, had Adups installed. His report prompted investigations from Google and the Department of Homeland Security. A second app containing malware, on the UMX U686CL phone, used code containing Chinese characters, Malwarebytes said. And neither of the apps were removable.