Some Chinese phones are shipping with money-stealing malware

The company blames the problems on a supply chain partner.
August 24, 2020
TL;DR
  • Security researchers found that some Chinese phones (most notably Tecno-made) shipped with money-stealing malware.
  • It subscribed users to paid services and couldn’t even be removed.
  • The phone maker blamed it on a vendor in the supply chain.

While many politicians are focused on potential spying from HUAWEI phones, there may be a more practical security risk in the wild: out-of-the-box malware.

Secure-D and BuzzFeed News have learned that some low-cost Tecno W2 phones shipped to countries around the world infected with malware meant to steal money from customers. The Triada and xHelper software would quietly download apps and subscribe to paid services. This caused unexpected bills and data overages for buyers who were already some of the most disadvantaged in the world.

Chinese phones with money-stealing malware?

While pre-loaded malware on phones isn’t a completely new concept, Malwarebytes analyst Nathan Collier told BuzzFeed that Triada and xHelper were particularly insidious. While they create pop-ups and other headaches expected from this kind of malware, they can’t be removed with a factory reset.

The phones mainly reached African countries, including Egypt, Ghana, and South Africa. However, some devices also reached Indonesia and Myanmar. Secure-D said it blocked 844,000 malware transactions between March and December 2019.

Transsion, the China-based company behind the Tecno brand, has pinned the malware on an unnamed “vendor in the supply chain process.” It said that it delivered fixes for Triada in March 2018 and xHelper in late 2019. However, the issue doesn’t appear to have gone away. Secure-D said it was still blocking Triada and xHelper on Transsion phones through April 2020, and the malware may simply be dormant.

Companies like TCL have had similar problems with preloaded malware, Secure-D added.

There’s no evidence of malicious intent on Transsion’s part. However, this doesn’t help the reputation of Chinese phones at a moment when many are already anxious. It also leaves many would-be buyers in a difficult position. Tecno is appealing precisely because it’s one of the few brands aimed primarily at low-income buyers. Customers might not have many alternatives if they’re worried enough to avoid Tecno entirely.