Alcatel phones had malware-carrying pre-installed apps

JC Torres - Jan 10, 2019, 11:11 pm CDT
0
Alcatel phones had malware-carrying pre-installed apps

It seems that Alcatel or its licensee TCL haven’t yet learned their lessons, perhaps waiting for that “big bad” that will tear down whatever credibility their brands might have in the mobile market. Last year, the French brand found itself in the middle of controversy for having adware apps pre-installed on its phones. Now it might have done slightly worse with yet another pre-installed app that contained malware that not only collected phone data, in some cases, it also subscribed users’ phone numbers to premium paid services without their knowledge, much less their consent.

The app in question this time is the “Weather Forecast-World Weather Accurate Radar” developed by TCL itself and pre-installed on a couple of Alcatel phones, including the Pixi 4 and A3 Max that UK-based security firm Upstream reported. As innocuous as a weather app may be, this particular one is particularly nefarious in the many ways it violated users’ privacy and security.

For one, it collected phone data like IMEI, email addresses, and locations and sent them to a remote TCL server. It also seemed to run adware programs behind the scenes, consuming anywhere from 50 to 250 MB of data, all without the user’s knowledge. The most egregious activity, however, is subscribing users to premium phone numbers which, if not for Upstream’s Secure-D platform, would have cost consumers in Brazil and certain countries around $1.5 million in bogus charges.

Upstream admits it doesn’t have worldwide insight to know if the weather app has actually affected other handsets around the globe. The app, which was also made available on Google Play Store and downloaded more than 10 million times, has already been removed from devices and the app market.

At the moment, there’s still no conclusion on how the malware got into the weather app, though one theory claims that a TCL developer’s system may have been compromised. While this particular incident may absolve TCL and Alcatel of direct wrongdoing, it doesn’t excuse them for being negligent. Especially considering it’s their second time to have this exact kind of problem.


Must Read Bits & Bytes