Call: 919.694.3298 (919.NWIDA.98) | Email: info@nwida.org

National Wireless Independent Dealer Association

Unremovable Malware Found on LifeLine Phones

Android phoneUnremovable Malware Found on LifeLine Phones.

The UMX U686CL, an Android phone provided in the Lifeline program, comes preinstalled with malware that can’t be removed without making the device cease to work, researchers reported.

Manufactured in China, the phone is provided by Virgin Mobile’s Assurance Wireless program.

Researchers at Malwarebytes said on Thursday that the device comes with at least 2 malware programs. Representatives of Sprint, the most recent owner of Virgin Mobile, said it didn’t believe the apps were malicious.

The first can install adware and other unwanted apps without the knowledge or permission of the user. Android/Trojan.Dropper.Agent.UMX contains striking similarities to two other trojan droppers.

Once the library is loaded into memory, it installs ad software – it aggressively displays ads. Malwarebytes researcher Nathan Collier said company users have reported that the hidden library installs a variant of HiddenAds, but the researchers were unable to reproduce that installation, possibly because the library waits some amount of time before doing so.

The malware that installs these programs is hidden in the phone’s settings app. That makes it virtually impossible to uninstall, since the phone can’t operate properly without it.

Collier wrote:

Uninstall the Settings app, and you just made yourself a pricey paper weight

The second malware is something called Wireless Update. While it provides a mechanism for downloading and installing phone updates, it also loads unwanted apps without permission. “From the moment you log into the mobile device, Wireless Update starts auto-installing apps… it just installs apps on its own.” said Collier.

While all of the installed apps Malwarebytes examined were clean and free of malware, the presence of a feature that automatically installs apps poses an unacceptable risk.

When asked, Sprint officials said:

We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware.

Read the entire article here.

NWIDA members, contact us today if you need our assistance and if you’re not yet a member, we invite you to join today.
Want news like this delivered to your inbox? Click HERE Email pic - NWIDA
Want news like this delivered to your Alexa Flash Briefing? Click HERE Alexa Logo - NWIDA
Want news like this in your RSS feed? Click HERE RSS Logo - NWIDA

paid ad:




Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

I accept that my given data and my IP address is sent to a server in the USA only for the purpose of spam prevention through the Akismet program.More information on Akismet and GDPR.

I’m Ready to join

Not Ready to Join?

Donate to NWIDA toady!


Please send more information





Paid Ad: