Android Devices Found Preinstalled With Adware Cosiloon
Thousands of Android devices owned by users in over 100 countries, including the U.S., Russia, Italy, Germany, the U.K., Greece, France, and Venezuela, have been found preinstalled with the adware Cosiloon (Detection name: ANDROIDOS_COUDW). The latest version of the malware was found on more than 18,000 devices. More than a hundred different models are affected, and a majority are tablets not certified by Google. Google is aware of the issue and is working on mitigation steps for the app variants and for several device models. Device manufacturers and firmware developers have also been notified, as new device models were found still carrying the adware.
Cosiloon pushes ads on
While some parts of the adware are detected by antivirus applications, the researchers noticed samples that had no point of infection and had similar package names. Upon further examination, they found that the adware packages were payloads from a preinstalled system application. The earliest sample of the dropper, a malicious app that is also used to download other malicious files, was from January 2015 and had been installed in a budget tablet sold in Poland; some of the oldest Android application package (APK) files observed were dated 2013 and 2016.
The command and control (C&C) server used by Cosiloon was initially reported and shut down in April 2018, but it has since been restored using another provider. In addition, the adware has been found to undergo constant development, based on the number of variants of both its payloads and droppers. While Google Play Protect has started detecting Cosiloon on some of the devices and automatically disables the dropper and the payload, users are still potentially at risk of downloadable threats like ransomware and spyware.
Here are some steps to make sure your mobile devices are protected:
- Avoid clicking on pop-up ads while using your browser or app.
- Regularly download patches to ensure that your operating system or application is updated.
- Flag suspicious application behavior so developers can analyze and address issues.
Trend Micro customers are protected with multilayered mobile security solutions via Trend Micro™ Mobile Security for Android™ (available on Google Play). Trend Micro™ Mobile Security for Enterprise solutions provide