PCR Tech and IT retail, distribution and vendor news
Android tablets infected with a pre-installed adware Trojan are being sold on Amazon, according to a new report from Cheetah Mobile Security Lab.
Researchers say they have found a dangerous Trojan dubbed Cloudsota pre-installed on certain Android tablets. With root permission, the adware is able to automatically open all installed applications, and replace boot animations and wallpapers with advertisements.
The Trojan can also change the browser’s homepage and redirect search results.
According to its rough estimation, Cheetah Mobile believes at least 17,233 infected tablets have been sold to date.
“The estimation is based on anonymous data collected by Cheetah Mobile. Since many tablets are not protected by anti-virus applications, the number may actually be significantly greater,” said the firm.
“What’s worse, these tablets are still available on many online stores, including the huge retailer Amazon. While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.”
Cheetah Mobile has found over 30 tablet brands pre-loaded with this Trojan, among which the most severely affected are no-brand tablets with Allwinner chips, claiming over 4,000 such tablets have been sold to customers around the globe.
The top 10 affected brands are as follows:
1. No brand
2. SoftWinners
3. Advance
4. Rockchip
5. Joinet
6. SW
7. WonderMedia
8. RDA
9. Freeman
10. WorryFree
The firm says it has notified the manufacturers involved and advised them to investigate their system firmware carefully, but unfortunately none have responded yet.
“We assume that the unbranded tablet manufacturers do not pay any attention to user feedback, nor do they have the capability to offer a solution to this problem,” said Cheetah Mobile.
The firm is confident that the attackers are from China due to these three pieces of information:
1. The code it extracted from the Trojan links to the WHOIS information on the server of www.cloudsota.com. It is clear that the server is registered in Shenzhen, P.R. China.
2. Much of the code is written in Chinese characters.
3. The manufacturers of tablets are from China.
The researchers found that over 150 countries are affected with this Trojan, with Mexico, USA and Turkey suffering the most. There have been cases in Europe and the UK as well.
“A large number of customers have left comments on Amazon.com grumbling about the advertisements and popups,” commented the firm.
It appears the tablets in question share some similarities in that all of them are low-priced and manufactured by nameless small-scale workshops.
If these products continue to sell on sites like Amazon, this can only be bad news for Google, as consumers will start to lose trust in the Android brand.
This may also be a discussion point for smaller retailers and etailers who are trying to push big-brand tablets to consumers. But it could also be a double-edge sword as those businesses may also have cheaper ranges of Android tablets they are trying to shift.
