Transsion stays tight-lipped on malware claims

28 August 2020 | Melanie Mingas


Chinese phone manufacturer Transsion has still not responded to claims that it sold low-cost devices pre-loaded with malware.

Earlier this week Upstream said its anti-fraud platform Secure-D had detected “suspicious activity” on more than 200,000 Transsion Tecno W2 smartphones, with a quarter infected with the Android trojan, xHelper.

To date, a total of 19.2 million suspicious transactions – which would have signed users up to subscription services without their permission – were recorded by Secure-D from more than 200,000 unique devices.

Google told Upstream that the installation was the action of a “malicious supplier somewhere within the supply chain of affected devices”.

Transsion has yet to comment.

Geoffrey Cleaves, head of Secure-D at Upstream, said: “This particular threat takes advantage of those most vulnerable. The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against.”

Described as an “unusually large number of transactions” from Transsion Tecno W2 handsets, the activity centred on devices in Ethiopia, Cameroon, Egypt, Ghana, and South Africa, with some fraudulent mobile transaction activity detected in another 14 countries.

Upon further investigation, Secure-D said it also found “components of the xHelper/Triada malware” preinstalled on 53,000 of Transsion’s Tecno W2 smartphones.

Highlighting Cleaves’ point, in 2017 Mobisol and MTN Rwanda launched a payment scheme for customers buying a Tecno W2 to bring down the cost of the devices even further.

In a press announcement for the offer, the two described the phone as a “high-performance smart phone”, equipped with an Android operating system, a dual SIM for usage of a second SIM card, large touch screen display, 8GB built-in storage space, a high-resolution camera with flash, Wifi and Bluetooth connectivity and long battery life.

Transsion was the world’s fourth-largest mobile phone manufacturer last year and debuted on the Star Market, a Chinese stock market, on September 20, 2019. Shares closed at $6.48 billion on its first day of trading.

Tecno is one of three device brands sold by Transsion in Africa, alongside Infinix and Itel. In Q4 2019, the International Data Corporation calculated that Transsion’s devices accounted for a 69.5% share in the feature phone market and a 40.6% share in the African smartphone market, followed in that category by Samsung with a 23% market share and Huawei with 11.4%.

Secure-D did not find evidence of malware in other mobile models.

In addition to phones, Transsion is active in mobile hardware and software, as well as mobile accessories. It is also the force behind Boom player, Africa’s largest music-streaming platform.

Upstream said the xHelper trojan “persists across reboots, app removals and even factory resets, making it extremely difficult to deal with even for experienced professionals, let alone the average mobile user”.

In some circumstances xHelper components can make queries to find new subscription targets and submit fraudulent subscription requests on behalf of the phone’s unsuspecting owner. These requests do not require the phone owner’s permission and are invisible. Had they been successful, they would have consumed each user’s pre-paid airtime – the only way to pay for digital products in many emerging markets.

Secure-D’s investigation found evidence in code and from traffic data to link at least one of the xHelper components (known as “com.mufc.umbtts”) to subscription fraud requests via Transsion’s W2 Tecno-branded handset, which runs on Android OS. In the period under investigation Secure-D detected and blocked nearly 800,000 suspicious xHelper requests from W2 devices.

Cleaves added: “Mobile ad fraud is fast becoming an epidemic which, if left unchecked, will throttle mobile advertising, erode trust in operators and leave users saddled with higher bills. A unified approach is needed to raise awareness.”