Hundreds of Android devices shipped with pre-installed malware

It is commonly believed that a brand-new handset is free from malware, adware and other malicious software. Analysts Vojtech Bocek and Nikolaos Chrysaidos at Avast Threat Labs have shown this to be a myth.

Avast researchers have identified adware that has affected thousands of Android device users worldwide within a month. According to their analysis, Android handsets manufactured by Archos and ZTE have pre-installed malware dubbed Cosiloon.

According to Avast’s blog post, this malware controls the device’s default browser to show an ad in an overlay format. Because the malware is installed at the firmware level, it is quite difficult to remove. A majority of the infected phones are not used in the US and are not certified by Google. The handsets are powered by chipsets from Taiwan-based MediaTek.

Cosiloon malware displaying unwanted ads (Image credit: Avast)

Currently, several hundred handsets are infected, and the models and versions vary because they come from a variety of manufacturers. Avast researchers revealed that the adware was previously identified by Russian security researchers at Dr. Web, who named it Cosiloon, and that it has been active for at least the past three years.

In the previous month alone, it infected thousands of devices, and the latest version of the adware has been identified on nearly 18,000 devices owned by Avast users. A majority of these users are located in Germany, Italy, Russia and the UK, and only a fraction of them are in the US. Therefore, it cannot be said that Cosiloon is absent from the US. The malware has infected devices in more than 100 countries.

List of infected devices identified by Dr. Web

MegaFon Login 4 LTE
Irbis TZ85
Irbis TX97
Irbis TZ43
Bravis NB85
Bravis NB105
SUPRA M72KG
SUPRA M729G
SUPRA V2N10
Pixus Touch 7.85 3G
Itell K3300
General Satellite GS700
Digma Plane 9.7 3G
Nomi C07000
Prestigio MultiPad Wize 3021 3G
Prestigio MultiPad PMT5001 3G
Optima 10.1 3G TT1040MG
Marshal ME-711
7 MID
Explay Imperium 8
Perfeo 9032_3G
Ritmix RMD-1121
Oysters T72HM 3G
Irbis tz70
Irbis tz56
Jeka JK103

The full list of infected devices is available here.

When Google was notified about the adware, the company responded quickly and greatly reduced Cosiloon’s capabilities on some of the models. Google Play Protect has also been updated, and Google is in contact with developers to get further information on the problem and to combat the malware.

Update:

Avast previously included myPhone in the list, but it has since been removed. According to an email sent by myPhone to HackRead, “It turned out that there was a mistake. Avast removed myPhone from the text.”


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.