The thought of your smartphone being affected by malware itself is terrifying and therefore to protect your personal data lots of OEMs try to protect you from it by implementing enhanced security features. But looks like some companies are injecting malware themselves.
Avast (antivirus company) found out that low-cost, non-Google-certifed android phones from ZTE, Archos and myPhone are shipped with malware as a system application. This malware is called Cosiloon, it overlays ads on your smartphone and might trick you into downloading some applications.
This malware app is referred as dropper, this is the official explanation by Avast. “The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under ‘settings.’ We have seen the dropper with two different names, ‘CrashService’ and ‘ImeMess’. The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK.”
If your device is one of the affected once you can follow these instructions provided by Avast. “