Recent report published by security researchers, shows some low-cost Chinese phones come with preinstalled malware which has stolen users data as well as money. China-based Transsion Holdings is the company behind Infinix and Tecno mobile brands. Before 2014, Transsion Holdings used to be a feature phone manufacturer, however, the company released its first smartphone back in 2014, and it has now grown to emerge as one of the leading smartphone brands in Africa aswell as India.
The company is known for cheap smartphones, these phones may also contain malware that secretly downloads applications and tries to subscribe users to services without their permission or knowledge. According to the report, from one respondent, a 41-year-old South African, who purchased the Tecno W2, but he saw that his smartphone was plagued with pop-up ads interrupting his calls and messages. The victim said that he would wake up to find his prepaid data mysteriously used up. He also received messages about paid subscriptions to applications he had never asked for.
After an investigation carried out by a smartphone security service Secure-D it was noted that a software preinstalled on this smartphone was draining all his prepaid data and trying to steal his money. According to the report, his Tecno W2 was infected with xHelper and Triada malware. This malware secretly downloaded applications on his smartphone and attempted to subscribe to paid applications without the respondents knowledge.
The system of Secure-D which phone carriers use to protect their networks as well as consumers against fraudulent transactions blocked 844,000 connected to preinstalled software on Transsion smartphones between March and December of 2019.
According to Geoffrey Cleaves, Managing Director at Secure-D, who told media outlets that the data of the victim was used up by the malware as the malware attempted to subscribe him to paid applications. It is noteworthy that Tecno W2 in various other markets including Cameroon, Ghana, Egypt, Myanmar, Indonesia, and Ethiopia, were also infected. According to Cleaves, Transsion traffic accounts for 4% of users in Africa, and it still contributed more than 18% of all the suspicious clicks.
A Transsion spokesman admitted that some Tecno W2 smartphones were infected, blaming an unidentified vendor, and added that the company did not profit from the malware.