Ad Dropping Malware Comes Pre-Installed On Some Android Devices

Security researchers at Avast Threat Labs have discovered some old malware on new devices. The malware, named Cosiloon, comes preinstalled in the firmware and OS of several Android devices. The devices are mostly manufactured by ZTE and Archos, they mostly use MediaTek chips, and the devices are, for the most part, not certified by Google. The malware is believed to have infected over 18,000 devices in over 100 countries, but is most prevalent in Europe.

Google has been informed of the malware issue, but there isn't a whole lot that they can do to quel the problem since the malware is coming preinstalled on the device. The malware comes in the form of two dropper apps that can reach out to a command and control server to get ad payloads that it can then load on top of webpages that you request.

The malware is also able to detect when it is run through an antivirus emulator, and will delay any nefarious actions in order to avoid detection. So far, the malware appears to only deliver ads, but it could easily be used to deliver other more dangerous payloads such as ransomware. Some antivirus software will detect the payloads, but there isn't anything that can be done to remove the droppers since they are installed at the firware/OS level.

The bottom line is that you must make sure to purchase devices from reputable manufaturers that receive certification from the device/OS manufacturer, and you need to make sure to keep up-to-date mobile malware software installed and activated on your device. And this goes without saying, but don't click on ads!