Chinese phone maker denies handset in Lifeline program came with preinstalled malware

Unimax says no customer data has been compromised.

Oscar Gonzalez Former staff reporter
Oscar Gonzalez is a Texas native who covered video games, conspiracy theories, misinformation and cryptocurrency.
Expertise Video Games | Misinformation | Conspiracy Theories | Cryptocurrency | NFTs | Movies | TV | Economy | Stocks
Oscar Gonzalez
2 min read
Hacked Phone

Malwarebytes Labs said it received reports of the malware problems in October.

Getty Images

The Chinese manufacturer of phones provided to low-income families in the US as part of a federal program says its devices don't come with malware already installed. This comes a week after a report from an anti-malware software company said the phones contained two malicious pieces of software that required several steps to remove.

Unimax, the maker of the UMX U683CL, released a statement Thursday regarding the phone mentioned in a blog post from Malwarebytes Labs on Jan. 9.  It examined the handset and found no malicious software installed. 

"After investigating this issue, Unimax Communications has determined that the applications described in the posting are not malware," the company said. "In reviewing these applications, however, Unimax Communications has determined that there may be a potential vulnerability in the Settings App library. Because of this, Unimax Communications has updated software to correct the potential vulnerability. To Unimax Communications' knowledge, no customer data has been compromised."

The report about the budget Android phone, which is provided by Sprint-owned Assurance Wireless as part of the US government's Lifeline Assistance program, found two pieces of malware suspected of being of Chinese origin. Malwarebytes Labs said it received reports of the malware problems in October. 

"We stand by our original assertion that the Settings app is malicious due its Trojan Dropper capabilities," said Malwarebytes' Nathan Collier, senior malware intelligence analyst who wrote the original report, in an email Friday. "The dropping of Android/Trojan.HiddenAds on the UMX is indisputable. However, the goal of our post was to inform and protect users. We're glad Unimax is taking action so that our customers can safely use their devices."

Sen. Richard Blumenthal, a Democrat from Connecticut, and Sen. Ron Wyden, a Democrat from Oregon, penned a letter to Sprint CEO Michel Combes on Thursday about the infected phones. The two requested that the carrier look into the problem further. 

"Mobile carriers and smartphone manufacturers should not sacrifice due diligence in the race to put devices on the market," the senators said in the letter. "It is urgent that Sprint addresses the risks posed by this specific device and takes comprehensive action to ensure that it does not sell dangerous devices to the public."

Among the senators' requests were for Sprint to contact those possibly affected, provide replacements to those who have infected phones and to verify whether other phones used in the program contain the same malware. 

A company spokesperson said it will respond directly to the senators regarding the specific questions outlined in the letter. 

Phones at CES 2020: Cheap, shiny, 5G and concepts

See all photos

Originally published Jan. 10, 8:19 a.m. PT.
Updates, Jan. 10,11:51 a.m.: Adds comments from Sprint and FCC. Jan. 16: Adds mention of letter from senators. Jan. 17: Adds comment from Unimax and Malwarebytes.