Antivirus company Avast has discovered hundreds of Android-based devices — mostly tablets — have malware hidden deep inside the firmware, spreading annoying ads and potentially leading the unwary to download compromised apps. The list of manufacturers affected includes ZTE, a company facing its own problems at the moment, along with Archos and many others. Don’t throw your Android device away, though — it’s highly unlikely you’re personally affected by this, and if you’re not, there’s a very easy way to avoid it in the future too.
On the infected hardware, Avast identified adware called Cosiloon, which is downloaded and installed by what’s called a “dropper,” a special program encoded in the device’s firmware. Cosiloon links itself to advertising networks provided by Google, Facebook, and Chinese technology company Baidu, then shows pop-up ads, banners, and other annoying interruptions over the top of the Android operating system. These ads are often for potentially compromised apps.
Nasty, right? No one wants extra ads, least of all ones that are difficult to remove without the use of an antivirus program. Additionally, it’s more bad press for ZTE, a company that has sold phones and tablets all over the world for years. Avast says it identified devices infected with the malware in Europe and the U.S., suggesting the problem is widespread. Plus, while it serves ads now, the dropper could be used to install far worse in the future, including spyware.
Don’t panic
While it’s reasonable to be concerned about malware and security issues on any device we own, and for Avast to track these incidents, you probably don’t have to worry this time. Avast points out that the majority of devices it tracked didn’t come with Google Play installed, and were not Google certified. Also, while many are listed, the bar for inclusion was set at “more than 10 unique users in the last month.” It also tracked another 800 devices that had fewer than 10 unique users.
While ZTE features several times on the list, the devices are old and often regional variants. Almost all other affected devices are made under contract by companies most will not know, and based on the low bar of acceptance onto Avast’s list, may not have sold in great numbers either. If you haven’t bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.
How about avoiding the problem in the future? The solution is to buy a Google-certified product (which will have Google Play Protect in place to keep you safe) from a recognized manufacturer. Google lists its certified partners here. No, it’s not a guarantee — Archos is a Google-certified partner, for example — but the chance of encountering Cosiloon or any other preinstalled adware is far, far lower.
If you do own one of the devices Avast lists, or have seen activity that makes you suspect the presence of Cosiloon on your Android tablet or phone, then Avast provides information on how to remove it and the dropper that installed it in the first place. It’s also working with providers and domain registrars to get the problematic servers closed down permanently.