In January, cybersecurity researchers from Malwarebytes discovered unremovable malware bundled with the Android operating systems on the Unimax (UMX) U686CL, a low-end handset sold by Assurance Wireless as part of the Lifeline Assistance program, a 1985 U.S. initiative which subsidises telephone services for low-income families.
There was no way to remove a pair of apps on the handsets which would install other software on the devices without the user's knowledge.
Malwarebytes has uncovered another budget handset with similar security issues. The smartphone in question is the ANS (American Network Solutions) UL40, running Android OS 7.1.1.
In the same way as the UMX U686CL, two apps -- a settings app and wireless update app -- are compromised. However, these apps are not infected with the same malware variants; instead, Collier says the "infections are similar but have their own unique infection characteristics".
The Settings app is detected as Downloader Wotby, a Trojan that is able to download apps externally. The researchers did not find any evidence of malicious apps in a third-party store linked to the software but noted this doesn't mean that malicious apps could not be added or find their way into the store at a later date. The WirelessUpdate app is considered a Potentially Unwanted Program (PUP) that is also able to automatically install apps without user permission or knowledge.
While the app does function as an over-the-air updater for security fixes and as an updater to the operating system itself, the software also installs four variants of HiddenAds, a Trojan family found on Android handsets.
Malwarebytes has instructions on how to stop HiddenAds infections.