Imagine owning a phone pre-installed with malware that subscribes you to paid services without your permission and you cannot remove it even by resetting the phone. This is exactly what Secure-D, Upstream’s full stack anti-fraud platform, and BuzzFeed News have found Chinese manufacturer Transsion of doing allegedly. Transsion has been stuffing its low-cost Tecno W2 phones with malware out of the box to steal users’ money. According to the report, xHelper and Triada malware was found pre-installed on thousands of Tecno W2 devices in emerging markets.
The pre-installed malware is said to be stealing users’ money by singing them up to subscription services without their consent. These phones have been selling in African nations including Ghana, Egypt, Ethiopia, Cameroon, and South Africa and have also been found in Myanmar and Indonesia. This malware is Triada and xHelper, which cannot be removed even after resetting the phone but causes mobile phone users’ high data consumption and inflated bills.
Secure-D has reportedly identified and blocked a total of 19.2m suspicious transactions that could be singing up users to subscription services without their permission. These transactions have been recorded from over 200k unique devices in over 19 countries.
The investigation by Secure-D found xHelper/Triada malware pre-installed on 53,000 Transsion Tecno W2, which is the Chinese company’s inexpensive Android smartphone. Transsion, owing to its low-cost handsets, is the leading mobile phone manufacturer in Africa ahead of the biggies like Samsung and Nokia.
This is not the first time such malware has come into light. Secure-D informs that the pre-installed malware was also found on TCL’s Alcatel mobile phone in Malaysia, Nigeria, and Brazil. Transsion is here alleged of duping the low-income mobile phone users in the emerging countries of their money maliciously.
However, the company has tried to come clear by stating to BuzzFeed that “some of the company’s Tecno W2 phones contained the hidden Triada and xHelper programs;” but blame an unidentified “vendor in the supply chain process” for it. Transsion informs that it had provided users fixes for Triada in March 2018 and for xHelper in late 2019.
