Anti-fraud firm, Upstream has discovered a malware pre-installed on thousands of Chinese phones which are sold in Africa. The malware signs users up for subscription services without their authorization.
Upstream found the code on 53,000 Tecno mobile phones which were sold in Ethiopia, Ghana, Cameroon, Egypt and South Africa. The firm also reported that it had found ‘suspicious activity’ in more than 200,000 Tecno smartphones.
According to the phone manufacturer, Transsion, the malware was installed along the supply chain without their knowledge. Research firm, IDC revealed that Transsion is a leading phone manufacturer in China and the top-selling mobile phone manufacturer in Africa.
“The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against,” said Geoffrey Cleaves, head of Upstream’s Secure-D platform.
Upstream explains that the handset is pre-installed with a Triada Malware which then installs a malicious code known as xHelper on the phone. xHelper then finds subscription services and submits requests on behalf of the user, who is obviously unaware. This results in the user unknowingly subscribing to a lot of digital services which are typically paid for using prepaid airtime.
This could easily explain why a user can top up their airtime and within minutes, get a message alerting them of depletion.
Tecno refuted the claims saying that the issue was an “old and solved mobile security issue globally” which was fixed in 2018.
“For current W2 consumers that are potentially facing Triada issues now, they are highly recommended to download the over-the-air fix through their phone for installation or contact Tecno’s after-sales service support for assistance in any questions,” the firm told the BBC in a statement.
Tecno reiterated that it attaches “great importance to consumers’ data security and product safety”
“Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform,” it added.
The revelation comes amid claims by millions of phone users that they are subscribed to services without their knowledge. In Kenya, the issue is quite common with Mobile Services providers bearing the brunt from angry customers demanding to know the genesis of the unauthorized subscriptions.
In 2016, Researcher Ryan Johnson discovered that more than 700 million Android Smartphones had malware pre-installed.
Google, which developed the Android OS, is aware of the issue but blamed third-party vendors who are used by manufacturers to install additional features such as Face Unlock which is used for pre-installing the Triada Malware.
Google said it was working with manufacturers to remove the threat from Android devices. Upstream commented that the trick was taking advantage of the most vulnerable.