A San Francisco, CA-based mobile security company Cheetah has found Android tablets sold with pre-installed malware on Amazon.
Investigations revealed a Trojan dubbing in the form of an app “Cloudsota” installed on the devices of several brands.
Researchers at Cheetah mobile came to know about the malware through telemetry data which came from their security app.
Without any surprise, all these Android tablets were having negative reviews and users reported problems like unremovable apps, popup ad ads, and hijacked browsers.
Further analysis from Cheetah found malware having root permissions and boost persistence, meaning even if a user manages to remove the app, it would re-install on its own.
Cloudsota was programmed to do more than what a normal malware does, it can on its own remove security apps, change browser’s homepage, change tablet’s wallpaper, install adware and lots more.
The infected brands include Alldaymall Tablet, FUSION5, JEJA 7 Zoll, JYJ 7, Tagital, and Yuntab SZ Wave.
Surprisingly, all the tablets are still on sale and purchased by many people each day. Only Cheetah security firm has found over 17000 devices with malware installed by default. Statistics of other brands may aggregate to over 100,000 devices with pre-installed malware.
The security firm believes the middleman in the supply chain of these tablets may be the one to blame. As 2 months back they found smartphones from Chinese manufacturers with same malware so this might be work of an organized ring of criminals, who are sending customers smartphone or tablets with pre-installed malware.
But, it still is a suspicion, investigations are still in progress and full story may well be disclosed in coming days.
This is not the first time when Chinese brands gadgets were found having pre-installed malware. In the past, a study revealed that Xiaomi, Huawei and Lenovo smartphones contain malware by default.