A security firm has discovered that tens of thousands of tablets sold on Amazon.com and elsewhere came pre-loaded with the Cloudsota Trojan.
Chinese mobile Internet security company Cheetah Mobile has published a post about its findings. In it, it highlights the complaints of many customers regarding these tablets’ poor quality of manufacture, with one buyer stating that he received “a horribly refurbished” device instead of a brand new one.
Even so, Cheetah Mobile dedicates the majority of its post to investigating Cloudsota:
“The Cloudsota Trojan enables remote control of the infected devices, and it conducts malicious activities without user consent,” the firm explains. “The CM Security Lab has detected that Cloudsota can install adware or malware on the devices and uninstall anti-virus applications silently. With root permission, it is able to automatically open all installed applications. Furthermore, we found that the Trojan replaces the boot animation and wallpapers on some devices with advertisements.”
If all of this were not enough, the Trojan can also lock a device in demo mode, with the word “DEMO” displayed in huge red letters across the tablet screen. According to International Business Times UK, Cloudsota derives this particular ability from the fact that it embeds itself in the Android operating system, which makes the malware difficult for users to remove.
In total, Cheetah Mobile states that more than 17,000 affected tablets have been sold on Amazon and elsewhere on the web.
Going forward, the firm recommends that users beware of purchasing infected devices manufactured under the brands Alldaymall Tablet, FUSION5, JEJA 7 Zoll, JYJ 7, Tagital, and Yuntab SZ Wave, among others.
The top 10 Cloudsota-infected brands are displayed in the graph below:
Users who believe they have an affected device are encouraged to manually uninstall the Trojan by following Cheetah Mobile’s guidelines here.
As of this writing, Amazon has yet to comment on the security firm’s findings.
To learn more about how you can help ensure the web security of your mobile device, please click here.