
US government-funded phones come pre-installed with unremovable malware - ajay-d
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
======
herpderperator
The article shows how to uninstall it. How does that make it unremovable? The
uninstall procedure is fully stock, just a slightly different path than most
are used to. Most people hold the icon and drag it to the uninstall text. This
goes into the app's info screen from where you can click uninstall.

~~~
darkkindness
The article is definitely a little confusing. It starts with an edit that gives
new info about how to remove "Android/Trojan.HiddenAds.WRACT", which is
auto-installed by the Settings app replacement they call
"Android/Trojan.Dropper.Agent.UMX" preinstalled on the phone.

> But uninstall the Settings app, and you just made yourself a pricey paper
> weight.

------
staplers
Chinese malware on a Chinese phone given to US citizens at a massive
discount...

Sounds like a brilliant cyber-espionage tactic.

~~~
Someone1234
What intelligence would be gained from the poorest 10% of the US? I'd imagine
it is more useful to marketers than actual intelligence agencies (which is in
fact who is doing it).

These seem like imaginings based on too little thought and too much paranoia.
But whenever "China" comes up, even if it is just a company located there, we
get these exact same popular statements without justification.

~~~
ARandomerDude
The scenarios are obvious and virtually limitless. For example:

This low-income person drives to Langley, VA every night at 11pm. He might be
a janitor at the CIA. We already know he's poor because he has this phone. Can
we find out more and potentially bribe him to leave this ordinary-looking pen
in a conference room?

~~~
Someone1234
Seems like a stretch. If you really want to find the CIA's janitor just drive
a passive cellular monitor near it and grab everyone's IMEI and cross-check
it. Plus if someone has a full time job with security clearance working for
the USG they likely aren't getting a free phone anyway.

~~~
perl4ever
I'm not a spy or imaginative enough to lay out a scenario, but remember if
someone has a security clearance, then someone, who is assumed to be the
Chinese government, likely has their entire file (clearance investigation,
fingerprints, you name it) due to the Office of Personnel Management having
_everything_ stolen. So this could be used in synergy with any other tactics
applied to CIA agents who aren't compromised by the OPM or people without
clearances.

------
kbumsik
I'm not American, but what are "United States government-funded phones" for?
Why would anyone want to use one? The article doesn't give much context...

~~~
liopleurodon
Obama phone

~~~
NewsAware
Reagan phone rather

------
jupp0r
Most corporate issued phones and computers come with lots of pre installed
malware too. Apple bakes this into MacOS too (MDM).

~~~
AmericanChopper
A computer program knowingly installed by the owner of the device, functioning
to the expected specifications of the owner of the device, is just called
software.

~~~
jupp0r
For me, whether it respects users privacy is where I’d draw the line, but I
see your point.

~~~
AmericanChopper
Defining low privacy software as malware is to redefine malware. I also don’t
really understand the issue with MDM at work. Aside from the fact that MDM is
not necessarily a privacy infringing feature (depending on how you configure
it), why would you expect privacy on a work device? You should be conducting
your personal business on your own devices (and not just because of MDM).

~~~
jupp0r
I don't know how you feel about somebody else secretly watching your screen
without telling you, but I think that's something I would not be ok with, even
if I don't conduct personal business on the device.

Apart from that, there are plenty of companies requiring you to install their
MDM profile on your personal device if you want to read corporate emails on it
(guess how I know).

------
ryanlol
Am I just super jet lagged, or does Malwarebytes seem to avoid talking about
what this “malware” actually does?

Is it just click fraud like the malware names suggest? That would hardly hurt
the users.

Some might even think that click fraud fucking over online advertising
platforms is a good thing...

~~~
post_below
Click fraud doesn't fuck over online advertising platforms, if it goes
undetected it fucks over advertisers who use the platform. If it's detected,
no one pays for it.

~~~
ryanlol
> Click fraud doesn't fuck over online advertising platforms, if it goes
> undetected it fucks over advertisers who use the platform.

Sounds like the same thing to me!

~~~
post_below
On the off chance you're interested in the distinction... Uncaught click fraud
is paid for by advertisers (including small businesses and startups who can't
easily absorb that cost). The platform (Google Ads for instance) pays nothing.
In fact they make a profit.

It only hurts them if there is enough of it that it pushes advertisers
elsewhere, which is why so much of it is caught (in which case no one pays for
it).

------
dang
[https://news.ycombinator.com/item?id=22015231](https://news.ycombinator.com/item?id=22015231)

------
SlowRobotAhead
> The only difference between the two codes are their variable names. The more
> discernible variant of this malware uses Chinese characters for variable
> names. Therefore, we can assume the origin of this malware is China.

I mean... that’s possible and not an unlikely scenario - I guess. But it’s
hardly anything but an anecdote. If I was a Russian or American hacker, I
would have Chinese variable names swapped out with mine before I released the
code.

~~~
whitecream
For what it's worth, if the image they used is representative of the other
variable names they found, then that line of reasoning doesn't make sense -
the names are just gibberish characters in Chinese, and some even have random
radicals and other characters thrown in. This seems more like the type of
strings you get when you take a bunch of random valid UCS-2 code points.

~~~
jtl999
Pretty sure I've seen Chinese or other "strange" characters as an artifact of
certain code obfuscation in the past.
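
As an added illustration of the point made in the two comments above (not code from the article or from Malwarebytes): a small heuristic that, given identifier names pulled from a decompiled listing, flags the ones that look like random UCS-2 code points rather than words a person typed. The heuristic itself is my assumption about what distinguishes the two: a human-chosen Chinese identifier stays inside the CJK Unified Ideographs block, while a generated one tends to mix in characters from the radical blocks, private-use or unassigned code points, or several unrelated scripts. The sample identifiers are constructed for the example.

```python
import unicodedata

# Unicode block ranges the heuristic cares about (code points per the Unicode
# standard). A generated name drawn from random UCS-2 values scatters across
# several of these; a human-chosen Chinese name stays inside one.
BLOCKS = [
    (0x2E80, 0x2EFF, "CJK Radicals Supplement"),
    (0x2F00, 0x2FDF, "Kangxi Radicals"),
    (0x3000, 0x303F, "CJK Symbols and Punctuation"),
    (0x3400, 0x4DBF, "CJK Unified Ideographs Extension A"),
    (0x4E00, 0x9FFF, "CJK Unified Ideographs"),
    (0xAC00, 0xD7AF, "Hangul Syllables"),
    (0xE000, 0xF8FF, "Private Use Area"),
    (0xF900, 0xFAFF, "CJK Compatibility Ideographs"),
]

# Blocks that hold radicals rather than whole characters; real identifiers
# essentially never use them.
RADICAL_BLOCKS = {"CJK Radicals Supplement", "Kangxi Radicals"}


def unicode_block(ch):
    """Name the block a character falls in ("ASCII"/"Other" when unlisted)."""
    cp = ord(ch)
    for lo, hi, name in BLOCKS:
        if lo <= cp <= hi:
            return name
    return "ASCII" if cp < 0x80 else "Other"


def identifier_signals(name):
    """Collect the raw signals for one identifier."""
    blocks = {unicode_block(c) for c in name}
    radicals = sum(1 for c in name if unicode_block(c) in RADICAL_BLOCKS)
    # Cn = unassigned, Co = private use, Cs = surrogate: none belong in a
    # name a person typed, all are common in randomly generated ones.
    junk = sum(1 for c in name if unicodedata.category(c) in ("Cn", "Co", "Cs"))
    return {"blocks": blocks, "radicals": radicals, "junk": junk}


def classify_identifier(name):
    """Label an identifier: 'ascii', 'plausibly-human' or 'likely-generated'."""
    if name.isascii():
        return "ascii"
    s = identifier_signals(name)
    non_ascii_blocks = s["blocks"] - {"ASCII"}
    if s["radicals"] or s["junk"] or len(non_ascii_blocks) > 1:
        return "likely-generated"
    return "plausibly-human"


def summarize(names):
    """Count how many identifiers fall under each label."""
    counts = {}
    for n in names:
        label = classify_identifier(n)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample: two ordinary ASCII names, two real Chinese words
# (中文, 用户名), and three names assembled from scattered code points
# (a Kangxi radical mixed in; Chinese + Hangul + Cyrillic; a private-use char).
SAMPLE_IDENTIFIERS = [
    "userName",
    "adClickCount",
    "\u4e2d\u6587",
    "\u7528\u6237\u540d",
    "\u4e2d\u2f00\u6587",
    "\u4e2d\uac00\u0437",
    "\u4e2d\ue000",
]

if __name__ == "__main__":
    for ident in SAMPLE_IDENTIFIERS:
        print(f"{ident!r:24} -> {classify_identifier(ident)}")
    print(summarize(SAMPLE_IDENTIFIERS))
```

The output of a check like this is only a hint about the obfuscator, not about who wrote the code: it tells you the names were probably machine-generated, which is exactly why their script says little about origin.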

------
hoppla
But, what does the malware do?

------
Ericson2314
They should buy pine phones!

------
samstave
One can take the SIM and install it in any phone you like though...

~~~
jdsully
If the government is giving you a free phone, I'd hope it's because you
couldn't otherwise afford one.

[https://www.fcc.gov/general/lifeline-program-low-income-cons...](https://www.fcc.gov/general/lifeline-program-low-income-consumers)

~~~
function_seven
With a hand-me-down phone from a friend, the device is still free, and you're
getting the subsidy on the monthly service charges.

~~~
jdsully
Poverty clusters. It's quite possible (likely even) there’s no friend with a
phone to give.

