

US government-funded smartphones are shipping with pre-installed malware



In context: if you are a member of a low-income family, you may have heard of the “Lifeline Assistance” service of the United States government. Among other things, the FCC-administered program provides low-cost cell phones to those who otherwise could not afford them.



The program certainly has the potential to work very well for low-income families, but as with many “free” offers, there seems to be a problem for some. According to a new report from the antivirus software manufacturer Malwarebytes, a specific Lifeline support phone model, the UMX U686CL, has some unpleasant surprises hidden inside.

The phone is sold by Assurance Wireless, an offshoot of Virgin Mobile funded by the United States, and presumably contains unremovable preinstalled malware. Malwarebytes first discovered this in October 2019, when it began receiving numerous complaints from device owners about malicious applications.

To verify these claims, Malwarebytes bought a UMX U686CL for itself, and its findings have been nothing short of disturbing. The first problematic discovery was a preinstalled application called “Wireless Update”, which was classified as “Android/PUP.Riskware.Autoins.Fota.fbcvd”.

Reportedly, Wireless Update begins automatically installing applications (without the user’s consent) from the moment the UMX U686CL starts for the first time. Malwarebytes states that the applications installed by Wireless Update are not harmful by themselves, but any application that automatically installs other software without informing users has the potential to be shady.




In addition to Wireless Update, Malwarebytes has discovered that the UMX U686CL Settings menu is actually a “very obfuscated malware” known as a “Trojan Dropper” (Android/Trojan.Dropper.Agent.UMX, in particular).

A quick look at the Malwarebytes virus database offers the following definition of malware:

Android/Trojan.Dropper is a malicious application that contains additional malicious applications within its payload. Android/Trojan.Dropper will install additional malicious applications on an infected mobile device.

In the Android operating system, very often the malicious applications that will be removed are contained in the Android/Trojan.Dropper resource directory. The resource directory is an optional directory that can be added to an APK to store raw resource files. In the case of a mobile Trojan dropper, it contains a malicious APK that will be removed and installed.
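
As an added illustration (not code from Malwarebytes or from the original article), the following Python example shows how a defender could check an APK for the pattern the definition describes: installable code stored among the raw files. It assumes the raw directories are assets/ and res/raw/, and the sample APK is constructed in memory.

```python
import io
import zipfile

# Assumption: the "resource directory" of the definition maps to these paths.
RAW_DIRS = ("assets/", "res/raw/")
DEX_MAGIC = b"dex\n"


def classify(blob):
    """Return 'apk', 'dex' or None, judged by content rather than file name."""
    if blob.startswith(DEX_MAGIC):
        return "dex"
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as inner:
            names = set(inner.namelist())
    except zipfile.BadZipFile:
        return None
    return "apk" if {"AndroidManifest.xml", "classes.dex"} & names else None


def find_embedded_payloads(apk_bytes):
    """List (path, kind) for installable code stored in the raw directories."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.startswith(RAW_DIRS):
                continue
            kind = classify(outer.read(info))
            if kind:
                hits.append((info.filename, kind))
    return sorted(hits)


def build_zip(members):
    """Build an in-memory zip from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: a host APK hiding a second APK under a neutral name.
STUB_DEX = DEX_MAGIC + b"035\x00"
INNER = build_zip({"AndroidManifest.xml": b"<manifest/>", "classes.dex": STUB_DEX})
SAMPLE = build_zip({"AndroidManifest.xml": b"<manifest/>", "classes.dex": STUB_DEX,
                    "assets/license.txt": b"plain text", "assets/data.bin": INNER})

print(find_embedded_payloads(SAMPLE))
```

Payloads that are encrypted or otherwise transformed inside the host APK will not match these content checks, so a clean result here does not rule out a dropper.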

In the case of the UMX U686CL’s sketchy Settings application, the malicious payload comes in the form of “Android/Trojan.HiddenAds”. Another quick look through the Malwarebytes documentation does not reveal any information about this specific malware, but similar variants, such as “Android/Trojan.HiddenAds.BiRa”, presumably show “annoying” full-screen ads on the host device’s lock screen.

Malwarebytes believes that this malware is of Chinese origin, due to the “Chinese characters” used for variable names within its code. However, one commenter responded to this statement by pointing out that these characters are not Chinese, but Unicode characters that are not displayed correctly. The code in question can be seen below:

Regardless of the origin of the malware, its existence remains problematic, and the problems it presents may not be ones that the average user can solve.

“Although we have a way to uninstall preinstalled applications for current Malwarebytes users, doing so on the UMX has consequences,” says Malwarebytes. “Uninstall Wireless Update and you may lose critical updates for your operating system. We believe it is worth compromising and we suggest you do so. But uninstall the Configuration application and you will get an expensive paperweight.”

The company has provided users with a potential method to “fix” this type of “essential” malware, but it is not easy and may not work for everyone.

Malwarebytes contacted Assurance Wireless for an explanation, but the antivirus company received no response. We will also try to contact Assurance Wireless and update this article if we receive a response (even if it is a bit unlikely).



GTA IV has disappeared from Steam because of Games for Windows Live




WTF?! If you’ve run into the annoying problem of old Games for Windows Live titles that don’t work, Rockstar has a solution: don’t buy them. The company has removed GTA IV from Steam due to the problems caused by Microsoft’s Games for Windows Live platform, although in theory they could be solved with an update. Confused? Me too.




You may or may not have noticed that Grand Theft Auto IV is no longer available on Steam. Although it’s an old game, it could be said to be the best game in the GTA series. The removal of the purchase link from its page was due to problems with the Microsoft Games for Windows Live (GFWL) platform. Rockstar confirmed that this is the case in a statement to The Verge:

“Grand Theft Auto IV was originally created for the Games For Windows Live platform. Since Microsoft is no longer compatible with Games For Windows Live, it is no longer possible to generate the additional keys necessary to continue selling the current version of the game. We are looking for other options to distribute GTA IV for PC and will share more information as soon as possible.”

Microsoft closed the Windows Live game store in 2013, marking the beginning of the phase-out of the platform, which was launched in 2007. Finally, Redmond decided that it made no sense to continue supporting GFWL in competition with Xbox Live, and support ended in 2014. Players could only redeem points on one or the other. Furthermore, it interfered with the company’s cross-compatibility plans.

Since the removal of the platform, many users have complained that GFWL is causing problems with some games, including GTA IV. Although alternative solutions exist, they are quite complicated. So much so that people have published long guides on how to run the game.

In light of this, Rockstar has decided to stop selling it until it finds a distribution solution that works. Apparently, the company believes that removing GFWL from a twelve-year-old title is not in the budget, but it has not specifically excluded this as an option. However, it might not have been as problematic if the studio had addressed the problem as other publishers did in 2013, when it was clear that the problematic platform was on its way out.

Even more confusing is that Rockstar did not update the game two years ago to eliminate expired songs. Of course, deleting the song files and changing the code that calls them is a much simpler solution than trying to fix the GFWL disaster.



A new MacBook could be in the works, according to Apple regulatory filing



What just happened? It’s a new year and with it comes the usual influx of product rumors, teasers and regulatory filings. Today’s news falls into the latter category: a mysterious new Apple product has appeared in the databases of the Eurasian Economic Commission and, although details are scarce, there are reasons for MacBook fans to get excited.



The product was first seen by 9to5Mac and bears the model number “A2289”. In particular, the filing (which has been approved) refers to a “personal laptop”, which is the perfect description for a new MacBook.

However, if that’s not enough, the filing also indicates that the device will run macOS 10.15. Unless Apple plans to implement the desktop operating system on its mobile devices, a new MacBook is almost confirmed. However, as we said, other details are unknown: we are not sure what the screen size or resolution will be, nor do we know how much the device will cost or what new features it will have.

That said, we can make some informed assumptions. As 9to5Mac points out, it would be logical for the next MacBook to introduce Apple’s old (but golden) scissor switches, the predecessor of the notoriously unreliable butterfly keyboard design that has hit Mac users in recent years.

The next laptop will likely be 13 inches in size, as Apple launched a 16-inch MacBook with scissor switches a couple of months ago. However, this is pure speculation and Apple may have something completely different up its sleeve (perhaps a new MacBook Air).

Still, we are excited to see what this mysterious notebook will look like. There is likely to be an announcement, or at least a teaser for the device, at some point in the next three or four months (or less, if we’re lucky).



Princeton study: US carriers do little to protect customers from SIM-swap attacks



In summary: if you use SMS for two-factor authentication in your online accounts, you may want to change that as soon as possible. According to Princeton researchers, five major U.S. carriers are doing little to protect you from SIM-swap attacks, which offer attackers an easy way to reset your passwords and access your confidential data or impersonate you online.


While it’s always a good idea to use multi-factor authentication to protect your online accounts, it doesn’t mean you’re completely safe from anyone who wants to steal sensitive personal data.

According to a Princeton University study, five major U.S. prepaid carriers don’t protect you from something that experts call a “SIM swap” attack. We have covered this type of theft several times in the past.

The way it works is that an attacker convinces a carrier to reassign the victim’s phone number to a new SIM card without going through all the standard security questions to verify their identity. This effectively allows the scammer to hijack someone’s account and use two-factor authentication to reset passwords on important online accounts such as email and bank accounts.

The researchers signed up for 50 prepaid accounts with Verizon, AT&T, T-Mobile, US Mobile and Tracfone and spent much of 2019 looking for ways to trick call center operators into linking their phone numbers to a new SIM. What they found was that they only needed to successfully respond to one security challenge to do so, even after multiple unsuccessful attempts, which apparently did not raise any warning signs.

After intentionally providing incorrect PINs, they were asked to verify other details such as postal codes or other information about the real account owner. The researchers told call center employees that they could not remember that information, at which point the standard procedure seemed to be to ask for the last two calls made from their number.

This is the weakness that makes the process exploitable. Attackers can easily trick someone into calling specific numbers by using websites that promise one thing or another. The researchers also found that 17 of the 140 online services that use SMS for two-factor authentication don’t use any other method to verify the user’s identity, which makes it even easier for scammers to commit identity theft or steal victims’ personal information.

The Princeton experts have informed the carriers, and T-Mobile told them earlier this month that it no longer uses call logs as an authentication method. Others, such as Verizon and US Mobile, said they had received less than 1% of SIM-swap requests over the phone and continuously updated their cybersecurity practices.

The obvious conclusion is to avoid using SMS as a form of two-factor authentication and instead use an authentication application. For those of you who own an Android phone, Google allows you to use the phone as a two-factor physical authentication key, which is the safest method there is.
