When Mxolosi saw a Tecno W2 smartphone in a store in Johannesburg, South Africa, he was drawn to its looks and functionality. What really attracted him, however, was the price of around $30 – far less than comparable models from Samsung, Nokia or Huawei, the other top brands in Africa.
“They are very attractive and eye-catching,” Mxolosi, who asked that his last name not be used to protect his personal safety, told BuzzFeed News. “To be honest, I was a Samsung fan, but I said, ‘Let me try this new product.’”
It was another sale for Transsion, the Chinese company that makes Tecno and other budget smartphones and basic phones for the developing world. Since the release of its first smartphone in 2014, the upstart has grown to become Africa’s top cell phone supplier, beating long-time market leaders Samsung and Nokia.
But its success can come at a price. Mxolosi, an unemployed 41-year-old, was frustrated with his Tecno W2. Pop-up ads interrupted his calls and chats. He would wake up to find that his prepaid data was mysteriously exhausted and to messages about paid subscriptions to apps he’d never asked for.
“It was expensive for me, and at some point I stopped buying data because I didn’t know what it was eating up,” he said.
He thought it might be his fault, but according to an investigation by Secure-D, a mobile security company, and BuzzFeed News, software embedded in his phone from the start was draining his data while trying to steal his money. Mxolosi’s Tecno W2 was infected with xHelper and Triada, malware that secretly downloaded apps and tried to subscribe him to paid services without his knowledge.
Secure-D’s system, which wireless carriers use to protect their networks and customers from fraudulent transactions, blocked 844,000 transactions associated with preinstalled malware on Transsion phones between March and December 2019.
Geoffrey Cleaves, managing director of Secure-D, told BuzzFeed News that Mxolosi’s data was consumed by the malware as it tried to subscribe him to paid services. “Imagine how quickly his data would go away if the subscriptions were successful,” he said.
Along with South Africa, Tecno W2 phones were infected in Ethiopia, Cameroon, Egypt, Ghana, Indonesia and Myanmar.
“Transsion traffic accounts for 4% of users in Africa, yet it accounts for over 18% of all suspicious clicks,” Geoffrey Cleaves, managing director of Secure-D, told BuzzFeed News.
It’s the latest example of cheap Chinese smartphones taking advantage of the world’s poorest people. Current security concerns related to Chinese apps and hardware have largely focused on potential backdoors in Huawei’s 5G devices. More recently, people have been focusing on how user data collected by TikTok could be misused by the company and the Chinese government. However, an overlooked and lingering threat is the constant presence of malware on cheap smartphones from Chinese manufacturers and the digital tax it exacts on low-income people.
A Transsion spokesperson told BuzzFeed News that some of the company’s Tecno W2 phones contained the Triada and xHelper hidden programs, and blamed an unidentified “supply chain vendor.”
“We have always placed great emphasis on consumer data security and product safety,” they said. “Every software installed on every device goes through a series of rigorous security reviews, including our own security scanning platform, Google Play Protect, GMS BTS, and VirusTotal test.”
The spokesperson said Transsion did not benefit from the malware, and they declined to say how many phones were infected.
Michael Kwet, a visiting scholar at the Information Society Project at Yale Law School, who did his PhD in South Africa, described the idea of Chinese-made phones extracting data and money from people in poverty as “digital colonialism.”
“When you don’t have disposable income, you basically have the people who keep track of your data,” he told BuzzFeed News. “The problem we have here is that we don’t have a rational business model for a digital society.”
Although largely unknown outside of Africa and developing countries, Transsion is the fourth largest mobile phone maker in the world after Apple, Samsung, and Huawei, but it is the only manufacturer in this group that is solely focused on low-income markets.
The need to keep costs down opens the door to malware and other vulnerabilities, according to Cleaves. “A scammer can take advantage of this low price wish by offering his own [hardware or software] services, even if they know they can get the cost back through this ad scam,” he said.
Secure-D detected pre-installed malware on Alcatel phones made by TCL Communication, a Chinese mobile phone manufacturer, in Brazil, Malaysia and Nigeria. It also showed how Chinese technology, pre-installed on cheap smartphones in Brazil and Myanmar, robbed users with fraudulent transactions.
“In many cases it is [a consumer’s] first smartphone and the first time they’ve had internet access,” Guy Krief, a board member of Upstream Systems, the UK company that operates Secure-D, told BuzzFeed News. “The data eaten by the malware – that’s a very important part of their income.”
Kenneth Adu-Amanfoh, executive director of the Africa Cybersecurity and Digital Rights Organization, said Chinese phones with malware pre-installed have become a major threat on the continent.
“You have all of these wonderful features cheaply, but there are hidden costs,” he told BuzzFeed News. “There are many Chinese phones that have malware installed on them.”
“At some point I stopped buying data because I didn’t know what was eating it up,” said Mxolosi, who had to close a café he was running because of the coronavirus. According to Johns Hopkins University, South Africa has the fifth highest number of COVID-19 cases in the world.
Learning that his smartphone had stolen his money felt like another hardship. “Poor people get poorer. People are starving,” he said.
People in the United States are also being exploited. Earlier this year, Malwarebytes, a security company, found pre-installed malware of Chinese origin in two phones offered to low-income citizens under the US government’s Lifeline program, which provides subsidized phones and mobile data. Both phones were made by Chinese companies.
Nathan Collier, a senior mobile malware analyst at Malwarebytes, said cheap Chinese smartphones are a security risk for low-income people around the world.
“It looks like we’re going to keep seeing the same story over and over again about a cheap phone from China with Chinese malware that gets into the hands of people who can’t afford a more expensive phone,” he told BuzzFeed News. “Having malware preinstalled right on your phone if you turn it on right away is gross and nasty.”
Collier investigated Triada and xHelper and said they were “the first malware [he’s] ever seen where a factory reset doesn’t care. This is a game changer.”
Typically, malware like Triada and xHelper requires someone to be tricked into installing it on their phone, rather than coming installed straight from the factory. It is widely used to serve invasive ads that send money back to whoever controls the malware. But it can also be used to install apps that subscribe the victim to paid services via monthly billing or prepaid data, so money is taken directly from the owner of the phone.
Transsion announced it had made a fix for Triada in March 2018 after reports revealed its presence on W2 smartphones. Transsion announced that a fix for xHelper was also shipped in late 2019. In both cases, phone owners had to download the fixes and update their phones.
According to Cleaves, Secure-D continued to block Triada and xHelper-related transactions on Transsion phones through April this year, albeit at a lower volume than before.
“While xHelper appears to have entered a dormant period, we have no reason to believe it has gone,” he said. “There is no reason to believe that the perpetrators behind this malware will simply give up. This extremely virulent malware resides on millions of devices and it is only a matter of time before it strikes again.”
Mxolosi said he had no idea which company made his phone. He was surprised and disappointed to hear that it was a Chinese company.
“Oh God. That means that the Chinese are only tearing us off left, right and in the middle,” he said, comparing his malware-riddled smartphone with the designer fakes from China that are flooding South Africa. “[Counterfeit versions] of clothes made in the USA. They come in and do them with poor quality.”
Mxolosi said he had planned to buy another Tecno phone until BuzzFeed News let him know what was wrong with his W2. Now he’s looking for other options.
“Now I never would,” he said. “With this device, I would spend more on this phone. Why should I do this while we have money problems?”
Additional reporting by Odanga Madung.