The Unimax UMX U686CL, a Chinese-made smartphone distributed by the federally funded Assured
Wireless by Virgin Mobile, has been found to come pre-loaded with two malicious apps.
The malware every owner finds on their phone is Wireless Update and, amazingly, the
device’s own Settings app, neither of which can be removed from the phone or it
will not operate properly.
Collier, Malwarebytes senior malware intelligence analyst, said Settings
functions as a heavily obfuscated trojan dropper detected as Android/Trojan.Dropper.Agent.UMX.
After being installed, one of the first pieces of malware dropped is HiddenAds.
team was able to witness this first-hand as the UMX U686CL it bought as a test
bed was soon infected with HiddenAd adware. Malwarebytes reported the adware
runs silently in the background, creates no icon and the only way to tell it is
functioning is through the device’s notification bar area. Unlike a typical notification,
it cannot be turned off or removed by swiping; instead, an uninstall process
must be undertaken.
press and hold the notification, it will give the option to go to MORE
SETTINGS. After clicking MORE SETTINGS, it will take you to the app’s
notification settings. From there, press the app’s icon at the top. Lastly, it
will take you to the app’s App info, where you can uninstall,” wrote Collier.
been operating in the wild since spring 2019, but reports of malicious activity
began climbing in October 2019.
Wireless Update is the device’s primary method of receiving operating system updates, but Collier
noted it also has the ability to auto-install apps without the user’s
permission, something it begins to do immediately upon activation.
is a variant of the previously known Adups, a Chinese company that has been
caught collecting data and installing auto installers.
apps it installs are initially clean and free of malware, it’s important to
note that these apps are added to the device with zero notification or
permission required from the user. This opens the potential for malware to
unknowingly be installed in a future update to any of the apps added by
Wireless Update at any time,” he said.
nefarious aspect of these two apps is they cannot be removed from the phone
without disrupting operations. Pulling Wireless Update would halt any OS
updates from being downloaded, a risk Collier said is worth taking, but Settings
has to be left on board as its removal would destroy the phone.
The U686CL is an entry-level phone distributed by Assurance Wireless, which is federally
subsidized through the Universal Service Fund, and only to people who qualify
based on federal or state-specific eligibility criteria. This includes being on
certain public assistance programs, like Medicaid or the Supplemental Nutrition
Assistance Program, or qualifying based on your household income.