Chinese Malware Found Preinstalled on US Government-Funded Phones

Published: 23/11/2024   Category: security




Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.



Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report.
These low-cost smartphones are sold by Assurance Wireless, a federal Lifeline Assistance program under Virgin Mobile. Lifeline, supported by the federal Universal Service Fund, is a government program launched in 1985 to provide discounted phone service to low-income households. The Unimax (UMX) U686CL ($35) is the most inexpensive smartphone it sells.
In October 2019, Malwarebytes began to receive complaints in its support system from users of the UMX U686CL who reported some pre-installed apps on their government-funded phones were malicious. Researchers purchased one of these smartphones to verify customers' claims.
The first suspicious app they detected is Wireless Update, which is capable of updating the device – it's the only way to update the phone's operating system – but is also a variant of the Adups malware. Adups is also the name of a Chinese company caught gathering user data, creating backdoors for mobile devices, and developing auto-installers, researchers report.
Years ago, Adups began partnering with budget phone companies to provide wireless phone updates, explains Nathan Collier, senior malware intelligence analyst for Malwarebytes Labs. For some reason, he notes, Google doesn't provide updates for budget smartphones.
"Adups provides wireless updates so people can update their operating system, but they're also just installing random stuff without any user permission whatsoever," Collier explains. Not all of this content is malicious, he notes; sometimes the app simply installs hidden ads. Still, from the time the device is first activated, Wireless Update starts auto-installing apps.
"This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time," Collier writes in a blog post on the findings.
Wireless Update isn't the only unremovable app on the UMX U686CL. The phone's Settings app also functions as heavily obfuscated malware detected as Android/Trojan.Dropper.Agent.UMX, which shares characteristics with two other variants of known mobile Trojan droppers.
"It has a lot of elements that are very similar to other elements of Trojan droppers that we know for sure are dropping hidden ads," Collier explains. Hidden ads are growing more popular in the malware community, as attackers generate a little revenue with each click. On one device this may not amount to much, he adds, but it can add up over time as the victim pool grows.
Malwarebytes has a way to uninstall preinstalled apps for current users; however, this could have consequences on the UMX. Uninstalling Wireless Update could cause users to miss critical updates, which the company says is worth the tradeoff. Unfortunately, removing the Settings app would essentially render the device useless.
Researchers informed Assurance Wireless of the problem and have not heard a response at the time of writing. Customers were also reaching out to UMX, Collier says, noting this problem falls on Assurance. It's worth noting UMX devices are made by a Chinese company; however, it has not been confirmed whether the device makers know there is Chinese malware preinstalled.
The issue of preinstalled malware has grown over the past several years. Now, as it starts to affect the Settings app and other critical parts of device software, it's becoming more of a challenge for users. Unlike apps that can be deleted and forgotten, the apps affected here cannot be simply uninstalled without irreversibly damaging the phone.
"This has been an issue for quite a while and it's getting worse and worse," Collier says. "We're seeing it on a lot of different budget carriers around the world."