Avast usually sends out a report when its researchers and devs see something that will be really bad for your device or network. Avast Threat Labs recently analyzed malware that has affected thousands of mobile users all over the world. Malware attacks are usually common but in this day and age, it should be easier to track. Removing malware should also be easy especially if you just got a brand new smartphone. Ideally, a new phone should be clean but there is still adware pre-installed on hundreds of Android devices and versions.

Avast just said OEMs such as myPhone, Archos, and ZTE release phones in the market with adware pre-installed. These phones are believed to be not certified by Google so such unsafe content and apps are available. The malware in focus is called “Cosiloon” and it’s been discovered to be hidden because of the overlay it has created to display an ad over a webpage. If you’re not observant, you won’t notice this one even if it’s within your browser already.

The Cosiloon adware has been active for about three years now. It’s now found at the firmware level so it can be a challenge to remove. Affected users reached to only thousands, not hundreds of thousands or millions–at least not yet. We’re crossing our fingers though it won’t spread further or a permanent fix will be available.

As of this writing, about 18,000 phones in over 100 countries have been affected. Some countries include the US, Germany, UK, Italy, and Russia. Avast has already reached out to Google to report the problem. The issue is already under the tech giant’s radar and we’re assuming it’s doing all efforts to fix the issues. One quick solution released by the company is to update Google Play Protect.

The malware is hard to address because the apps are pre-installed with the firmware. The latter must then be tackled in order to completely clean and safe. Avast’s database has noticed the following questionable and unfamiliar package names: com.google.eMediaService; com.google.eMusic1Service; com.google.ePlay3Service, and com.google.eVideo2Service.

That is why you should be careful which phones you buy. You should also be careful WHERE you buy them. One smart tip: only buy from a reputable retailer or network. We have a feeling this situation will further strengthen the US government’s stand to ignore Chinese OEMs. What do you think?

SOURCE: Avast Blog