TECNO smartphones under a malware threat

  • The built- in malware will damage the devices system and consume data,
  • The Triada malware stores malicious components in an undeletable directory,
  • xHelper siphoned massive data and attempted transactions in the background.

Secure D, a team of data scientists noticed a surge of suspicious built-in malware in Tecno W2 devices exported to Ghana, Egypt, Cameroon, South Africa and Ethiopia since March 2019, being sold at low cost, the team recorded 19.2m suspicious subscription sign-ups between March 2019 to August 2020.

The built-in malware found in low priced smartphones suspected to cause damage to the device’s system. The Triada malware found by the firm on the Android smartphones installs malicious code known as xHelper which then finds subscription services and submits fraudulent requests in a sophisticated manner and without the user’s approval. This activity has been recorded from over 200k unique devices.


The Triada malware stores malicious components and in an undeletable file, and install another malware like XHelper. The malware then compromises essential applications on the mobile phone, making changes to its system libraries that protect it from removal attempts factory resets and reboots. Files downloaded by the malware are stored in an undeletable.

The Secure-D team has blocked more than a million of suspicious subscription requests coming from low-end devices made by Transsion, a Chinese manufacturer of affordable smartphones for the African market. An analysis carried out by the team using a combination of device models and firmware versions clarify that phones were used for different purposes and connected to wi-fi or 3G network that is in the South African network.

The Secure-D took an investigation to look for on-device cached versions of the malicious APK files. The filesystem searched for files with a size identical to the downloaded file. The built-in malware found in low priced handsets. In 2019, Secure-D found preinstalled malware in Alcatel Models Pixi 4 and A3 Max, disguised as a weather application which collects and transmits location data, email address and IMEIs to servers in China.

In this regard, people should not only look for low priced devices but they should be careful when buying their smartphones and consult IT experts to help them identify unusual activities as well as protecting their devices.


Please enter your comment!
Please enter your name here