The UMX U686CL is a low-cost mobile phone with unwanted and un-removable surprises.
One of the low-cost smartphones available through the U.S. government’s “Lifeline Assistance” service comes with pre-installed malware built right in.
The phones are provided to users of the FCC-operated program when they can’t otherwise afford them.
The Lifeline Assistance program helps low-income households offering, among other things, smartphones at a lower cost for individuals who wouldn’t otherwise be able to afford these devices at full price. The program is meant to be helpful for these families, providing a number of free and heavily reduced-cost offers. However, according to Malwarebytes antivirus software maker, one smartphone may come with more than users expected.
Malwarebytes released a report stating that the UMX U686CL contains pre-installed malware. It is sold by a U.S. government-funded branch of Virgin Mobile called Assurance Wireless. The antivirus software company stated in the report that the device contains malware that is already built-in and that cannot be removed. The company first spotted the malicious software on October 2019, when it started receiving several complaints of malicious apps from owners of that device model.
Malwarebytes confirmed the pre-installed malware claim by purchasing its own model of the phone.
The company bought a UMX U686CL to verify the claims made about the phone. What they discovered was concerning. The first thing they found was that there was an app pre-installed on the device called “Wireless Update”. It was classified as “Android/PUP.Riskware.Autoins.Fota.fbcvd.”
Reportedly, that mobile app starts automatically installing other applications – without requiring the user to consent to these installations – from the moment the device is initially turned on. According to Malwarebytes, the apps installed in this way aren’t necessarily harmful in and unto themselves. However, the very nature of the Wireless Update app places users at risk.
Since it does not require the user’s consent to install new apps, even if the first installations aren’t harmful, this doesn’t 
stop the pre-installed malware from bringing in some problems later on. Moreover, Malwarebytes also discovered that the Settings menu on the UMX U686CL is in fact a “heavily-obfuscated piece of malware” called a “Trojan Dropper”.