Hundreds of low-cost Android smartphones are being shipped with preloaded “Cosiloon” malware, according to a study conducted by Avast Threat Labs.
“Cosiloon” has been active for three years, and removing it is extremely difficult because the adware resides in the device’s firmware. So far, Avast has found it on 18,000 of its users’ devices. Avast has informed Google about the malware, and the tech giant has “taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques.”
Google Play Protect has been adjusted to make sure that apps carrying this malware are not rolled out in the future. Google has also contacted the firmware developers and urged them to take the necessary actions to address the issue.
The adware causes a flood of pop-up ads to appear in the user’s browser, obscuring the screen. The malware has two major parts: a dropper and a payload.
Avast’s report identifies two dropper variants that deliver the payloads to the smartphones.
More than 100 payloads have been found on the affected devices, of which only two are visible as apps on the home screen. One payload was hidden in an app named “Google Contacts”. Other variants of the payload were found in the system application list with names such as “MediaService”, “VPlayer” and “eVideo2Service”.
The firm identified several hundred affected phones.