The cybersecurity company Avast has identified pre-installed adware, Cosiloon, in the firmware of a total of about 100 current low-end Android smartphones. The adware distributes advertising through the browser and is installed on the devices' assembly line.
The affected phones come from manufacturers such as ZTE, Archos, Prestigio, and myPhone, and are in all cases low-priced devices that are not Google-certified, according to a report published by Avast.
The adware, which is known as Cosiloon, is present in the firmware that the devices ship with as standard and is usually found on devices with processors manufactured by MediaTek; it affects Android versions 4.2 through 6.0.
The malware displays ads over the web pages that users visit in their browser.
What is distinctive about this malware is that it can be installed on the phone assembly line, although at the moment it is not known how.
Moreover, because it is part of the manufacturer’s firmware, the user cannot subsequently remove it, at least by conventional methods.
According to Avast, Cosiloon adware is active on 18,000 Android systems in the past month
Cosiloon, which has been active for at least three years, has been detected on 18,000 mobile devices with Android operating systems in the past month, in a total of more than 90 countries including Russia, Italy, Germany, the United Kingdom, and the United States, according to Avast.
When operational, Cosiloon downloads an XML file when the user connects to a WiFi network. This file functions as a ‘manifest’, telling the malicious software which device models and which countries it must infect.
According to the Avast report, for example, users whose smartphones are set to the Chinese language are excluded.
Avast has also warned about the presence of other varieties of related malware in the same applications that are distributing the Cosiloon adware. According to the company, the adware is even capable of downloading spyware or ransomware applications.