The Danger of No Name Android devices – Pre-Installed Malware

Finding a good deal

Like many of us, I try to shop around for the best deal I can find. Recently I sold an old windows netbook and decided to replace it with a cheap android tablet. Online you will easily find very cheap hardware. I went ahead and ordered a nice little nine inch no-name tablet with good specifications for under fifty dollars.

It is necessary to have some healthy skepticism when ordering no name electronic goods online. Untrustworthy sellers may end up sending you fake memory cards, batteries severely under capacity, or goods that simply do not function as described. Fortunately payment services like PayPal are quick to give you a full refund in most of these cases.

The Trojan Horse Arrives

My new tablet would arrive a couple weeks later. The first thing to do was to put it through a few thorough tests to determine if all the hardware was legitimate. The tablet performed well without any issues. It would have seemed that it had been a pretty good deal. After sitting down to use the tablet I noticed obtrusive advertising started to pop up everywhere throughout the system. Was it some software I had inadvertently installed? Maybe a random game I had grabbed from the google play store? I decided to reset the device to its factory defaults. Yet again, the problem would return. Advertising in odd places where it should never appear, such as in system menus. I decided to investigate the issue a bit further and found a few odd resources running in the background with names like “calender.settings.pluginservice”, or “”. They sound like legitimate services, but a quick google search would reveal them to be malware. Running a scan with CM security confirmed the fact.

The trojan itself is quite interesting. It primarily installs software to display advertising throughout the system, as well as randomly changing the web browser’s home page. That seems annoying enough, but the real danger comes in the fact that the trojan itself has full access to your system. This allows for installation and deletion of any software quietly and without the user’s consent. Due to this unlimited access, the potential exists to steal personal data, credit card numbers and so on.

Cleaning the Device

You would think it would be simple to remove these services. It is not. As the software runs as a system service, root access is necessary to uninstall any of the malware. With the right tools, root access is simple enough to obtain, but deleting the services within android is still not simple. It turns out that there is a script in the firmware that side loads the trojan during the boot sequence. After loading the trojan, it will begin to download and install the advertising services once again without your consent. Because it is built into the ROM, This means that you need to modify the original android rom and re-flash the device. So yes, it is possible to clean such devices, but in a way that is out of reach to most users.

Be Aware, Stay Secure

This is an issue that has existed for years now, most existing malware on mobile devices today is found on android devices. This poses a true danger, not only to the android brand as a whole, but to user and business data security. Often it is difficult to obtain the origin of many no name brands, therefore it is likely only a matter of time before you may see unscrupulous gathering of personal data in many of these devices.

It would be advisable for anyone who is looking for a good deal on a tablet, or any other mobile device, stick to purchasing from a reputable seller and a known brand. Additionally, companies should understand the security risks that mobile devices may pose. It is important to continuously scan all devices for potential security risks.

Leave a Reply