Table of Contents

Beware Of Android Phones With Pre- Installed Malware In The Market
Malware / Malware News /

Beware Of Android Phones With Pre- Installed Malware In The Market

Well, we are not very far from the world where one day, everything that can protect you or can give you shelter will be hacked and controlled by the active hacking groups. Be it your home, car, gadgets, bank, money, etc. We can add up innumerable of things that can get hacked and the list would be too long.

As of now, hackers don’t even need to hack gadgets or anything because some of the Android phones are already there in the market with pre-installed malware. So, they don’t have to work that much to find out and exploit your data, they just have to get into your phone with already installed malware, that you aren’t aware of.

Incident like this was recently reported by one of the leading Mobile Internet solution provider, Upstream. According to them, low-end Android phones are being sold with already pre-installed malware across many countries. This malicious software is developed to execute digital advertising scams on user’s Android device.

Also Read : Some Common and Popular Types of Android Mobile Malware

What Can This Malicious Software Do?

1. Access to personal data, that can be exploited and transferred to 3rd country server without user’s permission.

2. Exhaust data limit and allowance, which is a major concern in evolving markets because the cost for Internet data is already very high.

3. Fraud advertisements and transactions, as this is the only way users pay digitally in many of the countries. For example, country like Africa where 94% of the population doesn’t even have a bank account or are linked with any financial institution.

How Does This Malware Work?

Well, the low-end Android phones that come with this malware, already have an file named ‘com.rock.gota’ installed in it.

As soon as the user turns on the device for the first time, the device started encrypted transmission of data to and from an URL that directs to unsecure server located in Singapore and used by Gmobi.

Soon after finding the transmissions, researchers found out that many of the advertising request has been sent and received through this network. And these requests run in the background making is unrecognizable for the user.

Once this is done, it finally redirects you to an Uber Promotional campaign page. It is still not confirmed that is the campaign page official or not.

Which Are The Most Affected Countries?

The most affected markets are of the countries Brazil, Myanmar and Malaysia.

On this, Upstream published some facts in their report that are as follows:

“In Brazil, Secure-D detected over 2 million fraudulent transaction attempts coming from Multilaser devices over one single month (November 2017), and for multiple digital services. These attempts represented 41% of the total 247,484 unique phone numbers that fraudulently attempted to purchase one of the services.

At the same time, in Myanmar, Secure-D spotted over 114,000 fraudulent transaction attempts coming from Smart branded devices. Those 114,000 fraudulent attempts represented 21% of the total 110,306 unique phone numbers that fraudulently attempted to purchase a digital service.”

Must Read : How To Remove Malware From Your Android Phone Or Tablet

So, this was all guys! Make sure you buy a smartphone that guarantees you safety and security of your personal data. And try not to buy phones from local merchants.

If you found this helpful, please let us know. You can also drop your feedback in the comment section below.


  1. ankush

    what kind of data it transfer photos or vedios or only ip address

    1. Tweak Library Team

      To make detection difficult, threat actors keep changing the way threat works, sometimes it will just steal IP address the other day photos, videos, contacts and more. This makes knowing the kind of data it transferred a bit complex .

Leave a Reply

Your email address will not be published. Required fields are marked *