Security researchers have revealed that over 30 different cheap independent Chinese brands of Android tablets being sold by Amazon and other retailers come pre-installed with malware, infecting users in 150 countries.
After reading posts from victims on popular Android forums and customer reviews on Amazon, Cheetah Mobile Security Lab decided to investigate the existence of a particularly nasty trojan called Cloudsota.
Cloudsota is currently installed on at least 30 low-cost budget Android tablets brands that originate from unknown manufacturers in China. The trojan, which has been traced back to the Chinese province of Guangdong, installs either adware or malware on the tablet and then quietly removes any antivirus apps that the user installs on the tablet.
Malware and popups galore
The trojan's tricks include causing endless popup ads to appear on the tablet, replacing the Android animation when the tablet boots up and the tablet's wallpaper with ads and changing the homepage of the browser to redirect search results to advertising webpages.
Even more annoying, the tablets also come with malware that locks the device in "demo mode" the moment it is booted up, with the word "Demo" in large red letters in the centre of the screen unable to be removed.
The trojan is embedded in the tablet's operating system, so even when the researchers tried to remove it, it returned when they rebooted the device, a complaint that has been echoed on Android forums on the internet.
Certain tablets are only available on certain Amazon sites, so the researchers investigated cheap tablets on Amazon UK, Amazon US, Amazon Germany, Amazon Italy and Amazon Spain. Some of the tablets have no name but are sold by a specific online company, while other tablets have a brand name but are sold by a seller with a username that does not sound like a company name.
Cheetah Mobile Security Lab says it contacted Amazon every single time it came across an infected brand of tablet that was being sold on Amazon, but a cursory look by IBTimes UK on Amazon UK and Amazon US showed that many of the brands highlighted by the researchers are still on sale.
The researchers estimate that 17,233 infected tablets have already been sold to consumers in 150 countries, with the most amount of infected tablets going to the US, Mexico, Turkey, Spain and Russia, but many more tablets are now waiting in stock for the Christmas season.
Which tablet brands should you avoid?
It may not be all 30, but based on the research from Cheetah Mobile Security Lab and our searches on Amazon, we have compiled a list of Android tablet brands currently being listed on Amazon that online shoppers everywhere should definitely avoid purchasing:
Fusion5, Tagital, Rockchip, Yuntab, WonderMedia, Allwinner, SoftWinners, JYJ, JEJA and NATPC.
You will find these brands listed either within the URL listing title in search results, or within the full listing title on the product page, or listed as the seller's name, which is beneath the listing title.
You probably know this, but you should also make sure to read the customer reviews that accompany every Amazon listing before you make any purchases. During our research, we found negative reviews mentioning malware problems independent from the ones highlighted by the researchers.
"For online stores, we suggest these dealers more strictly vet their product vendors. For tablet buyers, do not take the risk of trying tablets from nameless manufacturers just to save some money," the researchers write on their blog post.
If you have come upon this article because you have unfortunately purchased or been given a tablet that you suspect is infected with Cloudsota, the researchers have kindly provided a step-by-step guide on how to remove the malware.
IBTimes UK has contacted Amazon for comment on why the infected tablets are still available for sale and is waiting for a response.