Skip to main content

Low-end Androids caught stealing user airtime

(Image credit: YouTube)

Chinese manufacturer, Transsion, is in hot water after it was discovered that pre-installed malware on its Tecno W2 smartphones has been signing up users to paid for subscription services. 

 Secure-D, completed an investigation into these suspicious transactions and found that they had effected users in 19 countries, mostly in Africa. 

According to their findings , Transsion Tecno W2 smartphones in Ethiopia, Cameroon, Egypt, Ghana, and South Africa large transactions were occuring from users handsets. 

"To date, a total of 19.2m suspicious transactions – which would have secretly signed users up to subscription services without their permission – have been recorded from over 200k unique device," the firm said in a statement. 

The firm found parts of the xHelper/Triada malware preinstalled. This malware acts as a backdoor and malware downloader. It sticks in the phone, not being removed even after factory resets and reboots. 

The malware then makes subscription enquiries for the user without their knowledge. These then draw payment from the users airtime. 

Secure D found no other phones by Transmission containing this malware.

For more information on malware and mobile fraud in South Africa, read the full Secure-D’s report, The Invisible Digital Threat..