Thousands of low-cost Chinese smartphones, particularly the Tecno W2 devices manufactured Tecno Mobile, were found to come pre-installed with Triada malware. This malware unknowingly signed up mobile users for subscription services without their consent. The discovery was detailed in a report in collaboration with BuzzFeed. It revealed the malware’s prevalence in countries like Ethiopia, Ghana, Cameroon, and South Africa. An anti-fraud platform called Secure-D, conducted a research and recorded 19.2 million suspicious transactions in March 2019 through 2020 affecting over 200,000 unique devices. The malware’s pre-installation on smartphones widely purchased by low-income households underscores the severity of the issue, exploiting the most vulnerable users.
Dominance of Transsion Holdings in Africa’s Smartphone Market
China’s Transsion Holdings is dominating Africa’s smartphone market with over 41% share. It manufactures Android devices, including the affected Tecno W2 smartphones. In contrast to its competitors like Samsung and Apple, Transsion focuses almost exclusively on the African market, listing on China’s Nasdaq equivalent in 2019.
Despite the widespread impact of the malware, Tecno Mobile claims the problem was an old and globally resolved mobile security issue for which a fix was issued in March 2018. Transsion, however, attributes the problem to an unidentified vendor in the supply chain process.
The Impact of Triada Malware
The Triada malware installs the xHelper code on compromised devices, automatically subscribing users to services consuming pre-paid airtime, a common payment method in many developing countries. Secure-D highlights the persistent nature of the xHelper trojan, which survives reboots, app removals, and even factory resets, posing a significant challenge for users and professionals alike. The investigation by Secure-D found evidence linking at least one xHelper component to fraudulent subscription requests via Transsion’s Tecno W2 handsets. Tecno Mobile emphasizes rigorous security checks on installed software, providing periodic security updates to users, while Transsion blames an unidentified vendor in the supply chain process for the malware issue.