Using its security platform Secure-D, Upstream, a leading mobile technology company, discovered pre-installed malware in thousands of low-cost mobile phones made by Chinese manufacturer Transsion Holdings, the company formerly known as TECNO TELECOM LIMITED.
The malware was found to have signed mobile users up for subscription services without their permission. Following a full investigation into the origin of the suspicious transactions it had detected, Upstream’s security platform Secure-D caught and blocked an unusually large number of transactions coming from Transsion Tecno W2 handsets, mainly in Ghana, Cameroon, Ethiopia, Egypt, and South Africa.
Geoffrey Cleaves, the Head of Secure-D at Upstream, said, “This particular threat takes advantage of those most vulnerable. The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against.”
About the Malware
According to Upstream, the “Triada malware acts as a software backdoor and malware downloader. It installs a trojan (a piece of malicious code designed to look normal) known as xHelper onto compromised devices.” When given the right environment (a particular phone network, for example), xHelper can “make queries to find new subscription targets and submit fraudulent subscription requests on behalf of the phone’s unsuspecting owner.” Thus, without your permission or knowledge, you are signed up to hidden subscription services that consume a huge chunk of your airtime or data bundle.
That can serve as a warning sign. If you notice unusually heavy consumption of your data bundles, you may have malware running in the background of your mobile device.
To date, Upstream’s Secure-D has recorded a total of 19.2 million suspicious transactions from over 200,000 Transsion Tecno W2 smartphone devices.
Upstream further noted that “The xHelper trojan persists across reboots, app removals and even factory resets, making it extremely difficult to deal with, even for experienced professionals, let alone the average mobile user.”
In a report monitored by Ghana Talks Business, Transsion said in response that the issue was “an old and solved mobile security issue globally,” for which it issued a fix in 2018.
“For current W2 consumers that are potentially facing Triada issues now, they are highly recommended to download the over-the-air fix through their phone for installation or contact Tecno’s after-sales service support for assistance in any questions,” it said.
“We have always attached great importance to consumers’ data security and product safety,” it added. “Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS, and VirusTotal test.”
No signs of Triada malware, however, were found to affect other mobile phone models created by Transsion Holdings.