When Mxolosi saw a Tecno W2 smartphone in a store in Johannesburg, South Africa, he was drawn to its looks and functionality. But what really appealed to him was the price, around $30 – way less than comparable models from Samsung, Nokia or Huawei, the other big African brands.
“They are very attractive and appealing to your eyes,” Mxolosi, who requested that his last name not be used to protect his personal safety, told BuzzFeed News. “Honestly, I was a Samsung fan, but I said, ‘Let me try this new product.’”
It was another sale for Transsion, the Chinese company that makes Tecno and other low-cost smartphones, as well as basic handsets, for developing countries. Since the release of its first smartphone in 2014, the upstart has become the top handset seller in Africa, beating long-time market leaders Samsung and Nokia.
But its success can come at a price. Mxolosi, an unemployed 41-year-old, became frustrated with his Tecno W2. Pop-up ads interrupted his calls and chats. He would wake up to find his prepaid data mysteriously depleted and messages about paid subscriptions to apps he had never requested.
“It was expensive for me, and at one point I ended up not buying data anymore because I didn’t know what was eating it,” he said.
He thought maybe it was his fault, but according to an investigation by Secure-D, a mobile security service, and BuzzFeed News, software built into his phone right out of the box was depleting his data while trying to steal his money. Mxolosi’s Tecno W2 was infected with xHelper and Triada, malware that secretly downloads apps and tries to subscribe to paid services without the user’s knowledge.
The Secure-D system, which mobile carriers use to protect their networks and customers from fraudulent transactions, blocked 844,000 transactions connected with malware preinstalled on Transsion phones between March and December 2019.
Secure-D chief executive Geoffrey Cleaves told BuzzFeed News that Mxolosi’s data was used by the malware as it attempted to subscribe to paid services. “Imagine how quickly his data would disappear if the subscriptions were successful,” he says.
In addition to South Africa, Tecno W2 phones in Ethiopia, Cameroon, Egypt, Ghana, Indonesia and Myanmar have been infected.
“Transsion traffic represents 4% of the users we see in Africa. Yet, it contributes over 18% of all suspicious clicks,” Secure-D CEO Geoffrey Cleaves told BuzzFeed News.
This is the latest example of how cheap Chinese smartphones are taking advantage of the world’s poorest people. Current security concerns regarding Chinese apps and hardware have largely focused on potential backdoors in Huawei’s 5G gear. More recently, people have focused on how user data collected by TikTok could be misused by the Chinese company and government. But a neglected and persistent threat is the constant presence of malware on cheap smartphones from Chinese manufacturers and the way it imposes a digital tax on low-income people.
A spokesperson for Transsion told BuzzFeed News that some of the company’s Tecno W2 phones contained the hidden Triada and xHelper programs, blaming an “unidentified supplier in the supply chain process.”
“We have always attached great importance to consumer data security and product safety,” they said. “Every software installed on every device goes through a series of rigorous security checks, such as our own security scanning platform, Google Play Protect, GMS BTS, and VirusTotal test.”
The spokesperson said Transsion did not take advantage of the malware and declined to say how many handsets were infected.
Michael Kwet, a visiting scholar of the Information Society Project at Yale Law School who obtained his PhD in South Africa, called the idea that phones made in China are extracting data and money from people living in poverty “digital colonialism.”
“If you don’t have disposable income, you’re basically left with people feeding off your data,” he told BuzzFeed News. “The problem we have here is that we don’t have a rational business model for a digital society.”
Although it is largely unknown outside of Africa and developing countries, Transsion is the fourth-largest cellphone maker in the world, behind Apple, Samsung and Huawei, and it is the only manufacturer in this group to focus exclusively on low-income markets.
According to Cleaves, the need to keep costs low opens the door for malware and other vulnerabilities. “A fraudster can take advantage of this desire for low prices by offering his [hardware or software] services, even at a loss, knowing that they can recover the costs through this ad fraud,” he said.
Secure-D previously discovered malware preinstalled on Alcatel phones manufactured by TCL Communication, a Chinese handset manufacturer, in Brazil, Malaysia and Nigeria. It also exposed how Chinese technology preinstalled on cheap smartphones in Brazil and Myanmar has robbed users with fraudulent transactions.
“In many cases it is [a consumer’s] first smartphone and the first time these people have access to the Internet,” Guy Krief, board member of Upstream Systems, the UK company that operates Secure-D, told BuzzFeed News. “Data consumed by malware – it’s a very large part of their revenue.”
Kenneth Adu-Amanfoh, the executive director of the African organization for cybersecurity and digital rights, said Chinese phones with preinstalled malware have become a major threat on the continent.
“You get all of these wonderful features on the cheap, but there is a hidden cost,” he told BuzzFeed News. “There are a lot of Chinese phones that have malware installed.”
“At one point I ended up not buying data because I didn’t know what was eating them,” said Mxolosi, who had to shut down a cafe he ran due to coronavirus. South Africa has the fifth highest number of COVID-19 cases in the world, according to Johns Hopkins University.
Learning that his smartphone was stealing his money was a new ordeal. “The poor are getting even poorer. People are hungry,” he says.
Americans are also exploited. Earlier this year, Malwarebytes, a security service, found preinstalled malware of Chinese origin in two phones offered to low-income citizens as part of the U.S. government’s Lifeline program, which provides subsidized phones and mobile data. Both phones were made by Chinese companies.
Nathan Collier, senior mobile malware analyst at Malwarebytes, said cheap Chinese smartphones pose a security risk to low-income people around the world.
“It seems like we’re seeing the same story over and over again, where there’s a cheap phone made in China with Chinese malware that ends up in the hands of people who can’t afford a more expensive phone,” he told BuzzFeed News. “Having malware preinstalled right in your phone when you immediately turn it on is disgusting.”
Collier researched Triada and xHelper and said they were “the first malware [he’s] ever seen where a factory reset doesn’t take care of it. It changes the game.”
Typically, malware like Triada and xHelper has to be installed on a phone by someone, rather than coming with it straight from the factory. It is often used to serve invasive ads that send money back to whoever controls the malware. But it can also be used to install apps that subscribe the victim to paid services through monthly billing or prepaid data – siphoning money directly from the phone owner.
Transsion said it created a patch for Triada in March 2018 after reports identified its presence on W2 smartphones. Transsion said it also shipped a patch for xHelper at the end of 2019. In both cases, phone owners had to download the patches and update their phones.
Cleaves said Secure-D continued to block Triada and xHelper related transactions on Transsion phones until April of this year, but at a lower volume than before.
“Although xHelper appears to have entered a phase of dormancy, we have no reason to believe that it is gone,” he said. “There is no reason to believe that the authors of this malware will just give up. They have this extremely virulent malware that sleeps on millions of devices, and it’s only a matter of time before they strike again.”
Mxolosi said he had no idea which company made his phone. He was surprised and disappointed to learn that it was a Chinese company.
“Oh my God. It means the Chinese are just ripping us off left, right and center,” he said, comparing his malware-riddled smartphone to the Chinese-made designer knockoffs that are flooding South Africa. “We get [counterfeit versions] of clothing made in the United States. They come and make them shoddy.”
Mxolosi said he had planned to buy another Tecno phone until BuzzFeed News informed him of what was wrong with his W2. Now he’s looking for other options.
“Now I never would,” he said. “This device would make me spend more on this phone. So why should I go for this when we have money problems?”
Additional reporting by Odanga Madung.