Reason to Not Buy Cheap Phones: Pre-installed Malware

People often purchase cheap phones from the market when they need some high-end features and cannot afford costly mobile phones. Manufacturers invest more in the advertisements for their cheap phones and hence, it attracts users’ eye at least once whenever they plan to purchase a new phone. But, you cannot even think that such devices can steal your private data!

Avast Threat Lab’s researchers found that more than 100 different cheap Android smartphone comes with the pre-installed malware. Well, the researchers have also listed the mobile phone manufacturers which mainly includes ZTE, myPhone, and Archos. These are major companies whose mobile phones comes with the malware pre-installed. But, as the Avast’s researchers claim, there is an easy fix available for this problem.


According to the report made by Avast Threat Lab, the malware is called as a ‘Cosiloon‘ which was first spotted by the Dr. Web in 2016. It was located in the device firmware. The main function of pre-installed malware is to show advertisement pop-ups on screen anytime, to install APKs without permission whenever the device is connected to the internet and to upload the private data like device IMEI number, IP address, phone number on the server. 

Image: Avast

While doing a study of these smartphones, researchers found that devices were not certified by Google. Further, the software installer provided in the device was not the Google’s property. But, it was added by the manufacturers. The screenshots show the pop-up ads comes on the screen while user using any application.

Until now researchers have found 142 devices comes with the malware pre-installed. However, the malware’s nature is different for every device because of the different firmware. This is the reason, Google has now added Google Play Protect in devices which provides the extra security while you install any applications. It filters every application from its own machine and if there is malicious code found in the app, it automatically removes it and warns the developer.