Amazon is in trouble this week after a huge shipment of Android tablets was discovered to contain a pre-installed Trojan.
That Trojan is known as Cloudsota and it was discovered on brand new Android tablets sold by Amazon and other major marketplaces.
Credit for identifying this malware goes to researchers from the Cheetah Mobile Security Lab, who claim that the Cloudsota Trojan “can install adware or malware on the devices and uninstall anti-virus applications silently.”
If the Trojan is granted root permission, then it will also be able to automatically open all installed applications.
Other scary things this Trojan can do include replacing your boot animation and wallpapers with advertisements. It can also block your browser’s homepage and redirect you towards malicious websites whenever you try to use your browser.
The Trojan appears to have originated from China. In an analysis of Cloudsota, Cheetah Mobile traced the WHOIS information on the Trojan’s server to Shenzhen, China.
How to Avoid the Cloudsota Trojan
One of the most annoying things about the Cloudsota Trojan is how difficult it is to avoid: since the malware comes pre-installed on tablets, you may not get the chance to avoid getting the Trojan.
In one analysis, Cheetah Mobile claimed that 17,233 infected tablets had been delivered to customers’ hands, with thousands more waiting to be shipped out in warehouses. Those customers were in 153 countries around the world. Users in the United States, Mexico, and Turkey appear to be suffering the most.
The virus has been discovered on 30 tablet brands. The most commonly-infected tablets are no-brand tablets that have Allwinner chips installed.
The other 10 most commonly-infected brands include all of the following (although I’d be surprised if you recognize any of these names):
Making matters worse is that many of the tablets are still being openly sold on Amazon. You can visit those pages today and read reviews from customers who are complaining about large numbers of advertisements and popups.
Some of the similarities of the infected tablets include:
-Manufactured by nameless, small-scale workshops and sold without brand names
In a warning, Cheetah Mobile said the following:
“This Trojan has existed for quite some time and victims have been consistently asking for help at Android forums like XDA, TechKnow and others. While most people have no idea about Cloudsota’s potential risks, it is a ticking time bomb threatening your privacy and property.”
How to Remove the Virus
Cheetah Mobile has published the best manual removal instructions on their official blog here.
Ultimately, it’s clear that cheap Android tablet manufacturers have to make their money somehow: if you’re getting something for free or at a reduced cost, then you’re the product being sold.
Photos courtesy of Cheetah Mobile at CMCM.com.