Budget Android tablets infected with Trojan malware

A number of budget Android tablets made by Chinese manufacturers come pre-installed with malware.

Researchers at Cheetah Mobile Security Lab found that more than 30 different infected devices were being sold by online retailers, such as Amazon.

Read more: Google finds ‘high impact’ Android security flaws introduced by Samsung

Specifically, a dangerous Trojan, dubbed Cloudsota, has been identified, capable of installing adware or malware on the tablet, before deleting any antivirus software that the user may have downloaded. Users with an infected tablet may experience countless popups, with ads even replacing the normal Android boot up screen and the user’s wallpaper. The Trojan also locks the device in “demo mode,” something normally reserved for taking tablet screenshots.

“According to our rough estimation, at least 17,233 infected tablets have been delivered to customers hands,” the researchers explain. “The estimation is based on anonymous data collected by Cheetah Mobile. Since many tablets are not protected by anti-virus applications, the number may actually be significantly greater.”

The Cloudsota Trojan is embedded in the tablet’s operating system, making it difficult to remove, although the researchers have provided an uninstall guide. Essentially, the best way of avoiding the malware is to only buy tablets from trusted suppliers. Cheetah Mobile Security has identified a number of brands to avoid, including Fusion5, Yuntab and SoftWinners, but checking customer reviews is also useful for identifying infected hardware.

Read more: Adware flare-up another blow for Android security

Although consumers should be careful before making purchases online, particularly from unknown manufacturers, there is also pressure on Amazon to conduct more thorough checks on its sellers. While some of the identified tablets have been removed from the site, a number of others remain available to purchase.b