Malware in Alcatel Smartphones' Pre-Installed App
An official Alcatel smartphone application, available for download on Google Play Store, has been found to be infected with malware.
A weather forecast application that comes preinstalled on Alcatel smartphones, and which claims to provide accurate forecasts and timely local weather alerts, contained malware that secretly subscribed device owners to premium phone numbers.
The infected app is “Weather Forecast-World Weather Accurate Radar”, developed by TCL Corporation, a Chinese multinational electronics company that also owns the Blackberry, Palm, and Thomson brands.
The app is one of the default apps that TCL installs on Alcatel smartphones, but it was also made available on the Play Store for all Android users, where it has been downloaded and installed by more than ten million users.
Malware in Smartphones - Detailed Analysis
The researchers initially detected that the app was collecting user data, such as geographic locations, email addresses, and IMEIs, and sending it to remote TCL servers located in China.
As mentioned earlier, the infected app also tried to subscribe users to premium phone numbers, which would incur large charges on users’ phone bills.
Pre-Installed App Infected with Malware Causes Financial Losses to Its Owners
- In Brazil, 2.5 million transaction attempts initiated from this rogue Weather application on Alcatel smartphones were blocked in July-August 2018. Those 2.5 million attempts to purchase a digital service originated from 128,845 unique mobile phone numbers.
- Also in Brazil, but for another premium digital service, 428,291 transaction attempts initiated from this Weather application on Alcatel smartphones were blocked in July and August 2018.
- In Kuwait, 78,940 transaction attempts initiated from Alcatel devices were blocked in July-August 2018.
- Transaction attempts initiated by the infected Weather application on Alcatel smartphones were also blocked in South Africa, Nigeria, Tunisia, and Egypt.
Researchers also detected adware behaviour originating from an infected phone that the company had purchased from its former owner.
Furthermore, adware is intended to cause damage, disrupt, steal, download or install new versions of malicious programs, or in general impose some other harmful action on your data or network.
The infected weather app would run in the background, and every time you went online you would end up being redirected to a third-party website, or you would see online ad banners on your screen showing either discount offers or bogus security alerts.
This would lead to 50MB to 250MB of data being consumed per day by the application's unwanted activity, thereby exhausting internet data plans and causing even more financial losses to the victims.
With each click on pop-up ads, there is a high chance that the attackers are earning money via pay-per-click (PPC) and also injecting viruses and malware on the Alcatel devices.

To Conclude
The source of the malware infection into the weather app appears to be a TCL developer who had his system compromised, although this is only a theory.
If you’re one of the many unfortunate victims who have downloaded the weather app from Google Play Store, we advise you to remove the infected application as soon as possible before it causes more damage to your smartphone.
This incident, in which a fraudulent app infected with malware made it past Google’s scanner and tried to put the privacy of Android smartphone users at stake, definitely raises questions about the privacy policies of these Chinese electronics companies and about whether Google is doing enough to protect Android users from such practices.
Tips to Prevent Viruses and Malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on websites are the most commonly adopted tactic used by cybercriminals or developers with the core intention of spreading malicious programs. So, avoid clicking on uncertain sites, software offers, pop-ups, etc., and install a powerful ad-blocker for Chrome, Mozilla, and IE.
- Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites, as they usually install bundles of software with any installer or stub file.
- Regular backup: Regular and periodic backups help you keep your data safe in case the system is infected by any kind of virus or any other infection. Thus, always back up important files regularly on a cloud drive or an external hard drive.
- Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool like Virus Removal Tool.