Thousands of mobile phones with malware that signed users up to subscription service without their permission have been sold in African countries such as Ethiopia, Cameroon, Egypt, Ghana, and South Africa.
The manufacturer of these mobile phones, Transsion, has claimed that malware was installed in the supply chain without the company's knowledge. However, the anti-fraud firm Upstream found the malicious code in 53,000 handsets of Transsion's subsidiary Tecno.
As per Upstream, the malware-infested mobile phones were mainly bought by people of lower income. The Upstream's Secure-D platform head Geoffery Cleaves explained that the threat was taking advantage of the most vulnerable people.
"The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against," said Cleaves.
Triada Malware
As per the security company, Kaspersky, Triada is a modular mobile Trojan malware that "actively uses root privileges to substitute system files and exists mostly in the device's RAM, which makes it extremely hard to detect."
After downloading and installing, the malware first tries to collect some information about the system, such as the device model, the OS version, the amount of the SD card space and the list of the installed apps. Later, the Triada Trojan sends all that information to the Command & Control server.
In the recent case, Upstream found the Triada malware mostly in Android phones. As per the reports the malware installs xHelper—a malicious code—which finds subscription services and submits fraudulent requests on behalf of users, without the victim's knowledge.
If the request is successful then the Triada malware consumes pre-paid airtime, the only way to pay for digital service in several countries around the world. According to Upstream, it found what it described as "suspicious activity" in over 200,000 Tecno smartphones.
Chinese Manufacturers
As per the research firm IDC, Transsion Holdings is known as one of China's leading phone manufacturers and in African countries, the Chinese company is the top-selling mobile manufacturer.
The Shenzhen-based company, Tecno Mobile, said that the issue was "an old and solved mobile security issue globally" for which it had released a fix in March 2018. As per BBC, the Chinese company said, "For current W2 consumers that are potentially facing Triada issues now," they can download the over-the-air fix through their phone for installation or "contact Tecno's after-sales service support for assistance in any questions."
Tecno, which was established in 2006, also claimed that it pays "great importance" to the customers' data safety and security because of which every single software installed on each of its devices "runs through a series of rigorous security checks, such as our own security scan platform."
