Tecno, a Chinese smartphone brand that is a subsidiary of Transsion, has reportedly been spotted to steal user data, as well as money, through pre-installed malware on its phones. Mobile security service provider Secure-D and BuzzFeed News reported that some smartphone models shipped by the company carried malware that worked in the background, covertly stealing money from users. The report suggest that Tecno W2, a budget phone from the company, was shipped in 2018 with two malware-laced apps. It is speculated that the malware-laced phones were shipped to emerging markets such as Egypt, Ghana, South Africa, Indonesia, and Myanmar.
In a report, BuzzFeed News cited the experiences of Johannesburg-resident Mxolosi, who purchased a Tecno W2 smartphone for its affordable price ($30 or roughly Rs. 2,210). Mxolosi said that he faced several troubles while using the phone. Pop-up ads would often interrupt his calls and chats. His prepaid data would also reportedly get used up automatically and messages regarding paid subscriptions to apps he never subscribed for would also flood his inbox.
These problems were reported to be caused by two malware – xHelper and Triada. According to the investigation by mobile security service Secure-D and BuzzFeed News, software embedded in the phone was draining data while trying to steal the user's money. The report suggested that the two malware secretly downloaded apps, attempting to sign the user up for paid services without his knowledge.
Update: These issues were first discovered in 2018, and a fix was issued by the company, a spokesperson clarified to Gadgets 360. Transsion said that the two malware were both solved through OTA updates.
The report also suggested that along with South Africa, Tecno W2 phones in Ethiopia, Cameroon, Egypt, Ghana, Indonesia, and Myanmar were also found to be infected. Secure-D claimed that it was reportedly able to block 8,44,000 fraudulent transactions connected to preinstalled malware on Tecno phones between March and December last year. Secure-D Managing Director Geoffrey Cleaves said, “Transsion traffic accounts for four percent of the users we see in Africa. Yet it contributes over 18 percent of all the suspicious clicks.”
The report also cited a Transsion spokesperson who said that some of the brand's Tecno W2 phones contained the hidden malware, blaming an unidentified vendor in the supply chain process. Although the spokesperson declined to say how many handsets were infected, he asserted that Transsion did not profit from the malware.
Transsion confirmed to Gadgets 360 that the issue was not present in any of the phones that it sells in India, and added that the Tecno W2 was never launched in the country. In a statement from the company, it shared that it followed a test set out by Google to fix the Triada malware. On xHelper, the company added that it has deployed professional security tools such as GMS BTS and VirusTotal to detect the xHelper issue since last November.
All Tecno's new product releases and software maintenance releases for old products must go through the test, it added. No reports of xHelper have ever been detected since then, it confirmed.
Why are smartphone prices rising in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.