Wouldn’t it be nice if there were no such thing as malware or adware? Well, that’s fantasy land. Avast just discovered new malware called Cosiloon, and the kicker is that Cosiloon was pre-installed on devices from manufacturers like ZTE and Archos. It’s one thing to get your device hit with these things by downloading from third parties and quite another when it’s already on the device. Avast also wanted to make it clear that the majority of the affected devices are not certified by Google.
The adware we analyzed has previously been described by Dr. Web and goes by the name “Cosiloon.” As can be seen in the screenshots below, the adware creates an overlay to display an ad over a webpage within the users’ browser. The adware has been active for at least three years and is difficult to remove as it is installed on the firmware level and uses strong obfuscation. Thousands of users are affected, and in the past month alone we have seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries including Russia, Italy, Germany, the UK, as well as some users in the U.S.
We are in touch with Google and they are aware of the issue. Google has taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques. Google Play Protect has been updated to ensure there is coverage for these apps in the future. However, as the apps come pre-installed with the firmware, the problem is difficult to address. Google has reached out to the firmware developers to bring awareness to these concerns and encouraged them to take steps to address the issue.
It’s pretty safe to say that the majority of U.S. users probably won’t have to worry about Cosiloon being pre-installed, though it’s not outside the realm of possibility. Our overseas readers are more likely to encounter the issue. Be sure to hit the link below to read Avast’s full report on the whole situation.