Alcatel smartphones came pre-installed with money-stealing malware
Alcatel smartphones may not be popular in India, but they still sell in big numbers, particularly in emerging markets. However, in a major surprise, Upstream, a UK-based security firm, has revealed that a bunch of smartphones from the company came pre-installed with malware. It performed undetectable actions in the background and initiated an unusually high number of transactions, ZDNet reported. Here's what happened.
Malware in default 'weather' app
Some Alcatel phones, particularly Pixi 4 and A3 Max models, came with a default app named 'Weather Forecast - World Weather Accurate Radar'. It looked like any other app for weather-related updates but was found to be generating huge traffic by Upstream. On further investigation, the firm found that the app was using data in the background and subscribing users to premium services.
Millions of transactions initiated
While investigating the app, the research firm found it initiated 27 million unique transactions from devices in different countries, including Brazil and Malaysia. The malicious code of the app was acting in the background and subscribing users to premium phone numbers and other digital services. The transactions were blocked, but if that hadn't happened, the users would have been charged $1.5 million in total.
The infected app even sent data email addresses to China
Along with subscribing users to unwanted services, the app also sent email addresses, geographic locations, and IMEIs to TCL's servers. Plus, it consumed data in the background and demonstrated adware-like behavior.
Worryingly, the app had 10 million Play Store downloads
Along with several Alcatel phone buyers, the weather app in question also affected millions of other Android users - via Google Play Store. It had a 4.4-star rating on the marketplace and was downloaded as many as 10 million times. However, after the issue got flagged, Google was quick to take down the app.
So far, no comment from Alacatel's owner
Though the app has been removed and the background activity has stopped, many questions still remain. TCL Corporation, the licensee of Alcatel as well as BlackBerry brands, has not commented on the report or revealed how/when the app was infected. However, we don't expect silence for long as the app has done some serious damage and compromised users in various countries.
