Skip to main content

Avoid the latest Android malware scare by remembering this one thing

Antivirus company Avast has discovered hundreds of Android-based devices — mostly tablets — have malware hidden deep inside the firmware, spreading annoying ads and potentially leading the unwary to download compromised apps. The list of manufacturers affected includes ZTE, a company facing its own problems at the moment, along with Archos and many others. Don’t throw your Android device away, though — it’s highly unlikely you’re personally affected by this, and if you’re not, there’s a very easy way to avoid it in the future too.

On the infected hardware, Avast identified adware called Cosiloon, which is downloaded and installed by what’s called a “dropper,” a special program encoded in the device’s firmware. Cosiloon links itself to advertising networks provided by Google, Facebook, and Chinese technology company Baidu, then shows pop-up ads, banners, and other annoying interruptions over the top of the Android operating system. These ads are often for potentially compromised apps.

Nasty, right? No one wants extra ads, least of all ones that are difficult to remove without the use of an antivirus program. Additionally, it’s more bad press for ZTE, a company that has sold phones and tablets all over the world for years. Avast says it identified devices infected with the malware in Europe and the U.S., suggesting the problem is widespread. Plus, while it serves ads now, the dropper could be used to install far worse in the future, including spyware.

Don’t panic

While it’s reasonable to be concerned about malware and security issues on any device we own, and for Avast to track these incidents, you probably don’t have to worry this time. Avast points out that the majority of devices it tracked didn’t come with Google Play installed, and were not Google certified. Also, while many are listed, the bar for inclusion was set at “more than 10 unique users in the last month.” It also tracked another 800 devices that had fewer than 10 unique users.

While ZTE features several times on the list, the devices are old and often regional variants. Almost all other affected devices are made under contract by companies most will not know, and based on the low bar of acceptance onto Avast’s list, may not have sold in great numbers either. If you haven’t bought an incredibly cheap Android product without Google Play Services installed over the past few years, you can go about your day worry-free.

How about avoiding the problem in the future? The solution is to buy a Google-certified product (which will have Google Play Protect in place to keep you safe) from a recognized manufacturer. Google lists its certified partners here. No, it’s not a guarantee — Archos is a Google-certified partner, for example — but the chance of encountering Cosiloon or any other preinstalled adware is far, far lower.

If you do own one of the devices Avast lists, or have seen activity that makes you suspect the presence of Cosiloon on your Android tablet or phone, then Avast provides information on how to remove it and the dropper that installed it in the first place. It’s also working with providers and domain registrars to get the problematic servers closed down permanently.

Andy Boxall
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
The OnePlus Pad is a lovely Android tablet with a surprising flaw
OnePlus Pad with keyboard case and stylus.

The OnePlus Pad is a story of what could have been if Android was better optimized for trackpads on keyboard accessories. That may sound like a small, niche complaint, but it's played a big role in my enjoyment (and frustration) with the tablet.

Using the OnePlus Pad can be glitchy and buggy at times, but despite its imperfect trackpad implementation (often resulting in me getting frustrated and wanting to move to my laptop for work), the tablet is surprisingly good for being your media consumption device.

Read more
I used AR glasses with Android tablets and iPads. Only one was good
Two pairs of AR glasses on top of an iPad and an Android tablet.

When Apple announced its overtly expensive Vision Pro AR headset, arguably its biggest promise had little to do with hardware. The company says “hundreds and thousands of iPhone and iPad apps" run well on Vision OS, and they will be ready to boot on the Vision Pro on launch day.

Apple made an ever bigger promise to developers. “By default, your iPad and/or iPhone apps will be published automatically on the App Store on Apple Vision Pro,” the company said. That’s akin to solving the biggest problem for an experimental class of hardware.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more