Malware Discovered Pre-Installed On Second Lifeline Program Phone


Malwarebytes has discovered another Lifeline Assistance Program phone that shipped with malware pre-installed, reports indicate. That marks the second run of malware discovered in the program that was installed prior to shipment. In fact, the malware on the device includes the phone's Settings application.

The phone, an ANS UL40 shipped as part of the program via Assurance Wireless by Virgin Mobile, was a donation. It was provided to Malwarebytes by patron Rameez H. Anwar following a similar report about another device on the program. Namely, the UMX (Unimax) U683CL. And it contains no fewer than two instances of malware. Both are in system-level applications, the Settings app, and the Wireless Update app, and are unremovable.

What malware was found?

There were two different types of malware discovered on the ANS UL40. So this case is ultimately very similar to the previous discovery. And, in fact, the Settings app is effectively the same as was found in the above-mentioned previous investigation by Malwarebytes. That's a Trojan referred to as "Downloader Wotby" and it can download apps externally.


The second malware, found in the Wireless Update app, is a "Potentially Unwanted Program." It can automatically install apps without permission or knowledge.

In both cases, the apps are able to download and install apps without permission. And that means that other malware could potentially find its way onto the technology without too much effort.

Pre-installed malware is far too common, both on and off the Lifeline program

Now, no evidence has been found that either of the vulnerabilities was exploited. It's also not immediately apparent whether the device in question is still being offered. But that's not necessarily reassuring. As noted already, this isn't the first time such software has been found pre-installed on a phone sold as part of the government-funded Lifeline program.


Of course, this isn't an issue that's limited to budget-friendly devices on offer through government assistance programs. Pre-installed malware has also been seen on other gadgets frequently enough over the past couple of years. But it presents a unique problem for low-income families that rely on the program. Particularly since other comments on Malwarebytes investigation reports hint at further devices that may be affected. Those haven't been tested since they aren't readily available outside of signing up for the program.