Tecno sold thousands of phones with malware

Tecno Mobile dominates Africa's smartphone market. [Courtesy]

China's Transsion Holdings, the firm that makes Tecno and other low priced smartphones has been accused of selling handsets with pre-installed software that drains mobile data.

Since releasing its first smartphone in 2014, the upstart has grown to become Africa’s top handset seller, beating out long-time market leaders such as Samsung and Nokia.

Tecno Mobile dominates Africa's smartphone market with a 41 per cent share, according to market research firm IDC.

The malware that eats up mobile data and registers users to subscription services without authorisation was first detected in the smartphones sold in Africa two years ago.

The Triada malware has been discovered on Tecno W2 smartphones in countries such as Ethiopia, Ghana, Cameroon and South Africa.

According to an investigation by Secure-D, a mobile security service, and BuzzFeed News, software embedded in the phones right out of the box was draining users’ data and money.

Their investigations showed that some of the Tecno W2 smartphones were infected with xHelper and Triada, malware that secretly downloaded apps and attempted to subscribe users to paid services without their knowledge.

Secure-D’s system, which mobile carriers use to protect their networks and customers against fraudulent transactions, blocked 844,000 transactions connected to preinstalled malware on Transsion phones between March and December 2019.

In the report published this week in partnership with BuzzFeed, Secure-D said it recorded 19.2 million suspicious transactions since March 2019 from over 200,000 unique devices.

"The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against," said Secure-D’s Managing Director, Geoffrey Cleaves.

"This particular threat takes advantage of those most vulnerable," he added.

In a statement to CNN Business, Tecno Mobile said the problem "was an old and solved mobile security issue globally" for which it issued a fix in March 2018. Consumers currently experiencing difficulties should download the fix through their phones or contact after sales support, it added.

A Transsion spokesperson told BuzzFeed News that some of the company's Tecno W2 phones contained the hidden Triada and xHelper programs, blaming an unidentified “vendor in the supply chain process.”

“We have always attached great importance to consumers’ data security and product safety,” they said. “Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS, and VirusTotal test.”

The spokesperson said Transsion did not profit from the malware, and they declined to say how many handsets were infected.

Secure-D has continued to block transactions related to Triada and xHelper on Transsion phones into April 2020, though at a lower volume than before.

“Although xHelper appears to have entered a dormant stage, we have no reason to believe it's gone away,” said Secure-D’s MD Geoffrey Cleaves. “There’s no reason to believe that the perpetrators behind that malware are just going to give up. They’ve got this extremely virulent malware sleeping on millions of devices, and it’s just a matter of time before they strike again.”