As per various researched reports from Malwarebytes an Android phone provided by US Government to people with lower income, comes with pre-installed malware cannot be removed without making device halt.
Several complaints were lodged by users that the pre-installed apps on phone UMX U686CLwere malicious and harmful. Further the claims were verified by Malwarebytes. The smartphone is sold by Assurance Wireless which is owned by Virgin Mobile USA.
Upon further investigation, Malwarebytes found that one of the pre-installed apps, which operates as a wireless update program, has the ability to automatically install more apps without user’s consent resulting in making all the apps vulnerable to the malware.
Reports also states that the app acts as variant of malware previously traced to China called Adups which sends user’s text, call log, location and application data to a Chinese server every 72 hours. Along with Adups, Malwarebytes also found another malicious app on the UMX U686CL that contained the code written in Chinese.
“It’s important to realize that UMX isn’t alone. There are many reports of budget manufactures coming pre-installed with malware, and these reports are increasing in number. Although I don’t have the answer to this widespread issue, I can say that US citizens using the Lifeline Assistance Program and many others on a tight budget deserve more.” said Nathan Collier, Senior Intelligence Analyst at Malwarebytes.
Unfortunately for the users those who use UMX U686CL none of malicious apps can removed from the phone. The users were given the phone through Lifeline Assistance program which has offered phones to low-income Americans since 1985.
