Researchers Discover Malware Called Cosiloon Pre-Installed On 141 Android Models

Although malware infections on devices are common, it is rare to find a device that ships with malware already installed.

What Is The Malware?

On May 24, researchers with Avast Threat Labs published a report claiming that malware called Cosiloon is pre-installed on many Android devices. One hundred forty-one different models, which are usually low-cost and not certified by Google, have been identified as carriers of the malware.

The malware contains hidden infected apps, called droppers, that download a manifest that tells other apps what files to download. Eventually, the droppers install payloads from a URL.

Once downloaded, the malware can do some annoying things to a mobile phone. Users will see popup ads when they are playing games or searching for websites. Installing any of the games from the popup just exacerbates the problem. The malware is difficult to remove because of its location and because it uses strong obfuscation.

What Is The Scope Of The Malware?

Avast discovered that 18,000 of its users have been affected by the most recent version of the malware, including thousands of users in the past month. The users are located in more than 100 countries. The countries with the most cases include Italy, Germany, Russia, the United Kingdom, and France.

When Avast conducted research, it found evidence that the droppers associated with the app have been on the market since 2015. In addition, the dates on the files within the malware go back as far as 2013. That suggests that the malware has likely plagued Android users for some time. It is only surfacing now because it is happening to more users.

Solutions To The Malware

Avast contacted Google about the problem.

"Google has taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques," Avast wrote. "Google Play Protect has been updated to ensure there is coverage for these apps in the future."

Google has also reportedly contacted the firmware developers to stop the problem. Until these problems are fixed, users might have to take matters into their own hands.

Since the malware is old, most modern mobile antivirus applications should be able to detect it and stop it.

The problem is primarily affecting phones that have Google Play Services installed and are low-cost. Users who don't have a phone like this have nothing to worry about. It also varies by region.

To prevent the malware infection in the future, users should only buy a Google-certified device.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.