Shares

Cubot devices have been in the country for a while now and they seem to be capturing the love of many Kenyans due to their affordable nature and highly packed specifications that the smartphones boast about. Well, the issue at hand does not only affect Kenyans but the world at large. Over the past one year, some Cubot users have noticed a couple of developments with their phones, they have reported that after around two months of usage, the phone starts displaying full-screen ads when one opens certain apps such as WhatsApp, Facebook, Google Chrome and the Play Store.

Over the past one year, some Cubot users have noticed a couple of developments with their phones, they have reported that after around two months of usage, the phone starts displaying full-screen ads when one opens certain apps such as WhatsApp, Facebook, Google Chrome and the Play Store. The issue has been reported in some of the most common Cubot smartphones such as Cubot Rainbow, Cheetah 2 and Note S.

A user went to Malwarebytes forums and shared his experience. The user discovered that a malware has been embedded within the System UI package of his Cubot Rainbow device.



The malware is said to be trying to connect to the internet a couple of times every minute. After digging deeper, he discovered that System UI accesses an Amazon Web Service (AWS) instance; sdk.asense.in. A domain lookup shows that the said domain belongs to Inter Police, an organization based in Shanghai China.

The malware seems to be the one showing the pop-up ads when you open specific apps, similar complaints have been made through Cubot’s forums. To fix this issue, Cubot released updates for the Rainbow, Cheetah 2 and Note S devices. This update was said to offer “Enhanced protection against malware”, and for a while, it seemed like it did, as the System UI apk file got a 0/56 virustotal score.

Virus scan after the update

However, it was discovered that Cubot had removed the malware from the System UI package and hidden it under a new package, com.android.telephone, disguised as the phone dialer. On further digging, it was discovered that the new package does not have any real function and it manages to evade any detection by antivirus apps such as NetGuard, that would detect the malware under System UI previously.

Virus scan of the com.android.telephone package

The new package aggressively pings Cubot’s Amazon-based servers (sp2.l1181.com), causing a lot of battery drain and unexplainable data consumption. The app also constantly gives itself permission to read and write your storage every 2 seconds or so. Things get worse for Cubot users as this app cannot be disabled, permissions cannot be changed and if the phone is reset to factory defaults, the malware reactivates after some time.

We also discovered that another system application on Cubot’s software has been accused of being a spyware. The wireless update app Cubot uses is provided by ADUPS, an app that has been reported to have serious security issues. The Wireless Update app can install unwanted Apps silently, execute remote commands and transmit personally identifiable information without user consent or disclosure.

The only way to protect yourself from getting these pop-up full-screen ads and preventing your data from being mined is by blocking the Wireless Update app and the com.android.telephone app from accessing internet connection through the phone’s settings or by using a third-party firewall app such as NetGuard.

We reached out to Cubot for a comment on these findings and accusations and at the time of publishing, the company had not yet responded to our questions. The irony of this whole discovery is that the company’s tagline translates to “Simple & Trustworthy.”


UPDATE:

Cubot replied to our questions and made a stand that the company does not include malware in their devices. The reply was rather cut and dried but we got the message:

As for this issue, I confirm we don’t include malware within our software. Since your phone has been connected to a network or wifi all the time, also downloading software from different websites, this can be the cause of the malware.

Shares

11 COMMENTS


  1. Once upon a time there was something called privacy and it mattered until social networking became a thing and ad selling became the dominant mode of business. But seriously, what they are doing is evil. I was thinking about picking up the cubot x18 for the 18*9 full screen display, just to feel how it works but I think I’ll hold off my money. (But I look forward to your review of the same)


  2. There are apps that we’re once useful, but now are just malware, Opera Mini is the biggest on this list, now I just use chrome, I didn’t know people still used Opera, was fun to use though during the times of Nokia X2 and express music others like power calc want permission to access your contacts, what?? Why? You are a damn calculator app!! I still have the app though it’s data restricted.. and it keeps reminding me of that Everytime I press the home button.


  3. What’s with the increase of such stories especially for phones coming from China???Are they using this to help ‘subsidize’ their phone prices which to be frank are quite a great deal for the specs one is getting.If so why don’t they let potential customers know this clearly before hand??Do we need to be wary of their products since if they can include such software,what’s to prevent them from including other even more malicious ‘addons’ that will steal one’s personal contacts,calls and anything they feel like…CUBOT needs to start acting like a responsible global company else perceptions created buy such discoveries will lead to their downfall.


  4. Another rugged phone! To be water-proof looks like a trend in the phone
    industry. Big brand like iPhone 7, Samsung S7, but they are either of
    poor waterproof performance or expensive. In terms of water-proof and
    drop-proof, I love NOMU as much as ever, a truly professional rugged
    phone maker. (I recently bought its T18, and I’m more than satisfied.)
    For King Kong, I don’t know, we’ll see.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.