Rooted, Trojan-infected Android tablets sold on Amazon

If you want to buy a cheap Android-powered tablet, and you’re searching for it on Amazon, the best thing you can do is carefully read all the negative reviews you can find. If you are lucky, you’ll see some that will warn you about the device being rooted and coming pre-installed with malware.

Security researchers from Cheetah Mobile have recently discovered a slew of these devices – over 30 tablet brands in total – being sold on Amazon and other reputable online stores.

Here‘s a short overview of affected devices, along with a sample of reviews warning about the malware.

The malware in question is the Cloudsota Trojan, which allows remote control of the infected devices and conducts malicious activities without user consent.

It can install additional adware or malware, uninstall anti-virus and other security apps. It has root permissions, so it can automatically open all the additional apps it has installed. It also replaces the boot animation and wallpapers on the devices with advertisements, and changes the browser’s homepage and redirects search results to strange ad pages.

Worst of all, even if the user manages to remove it, it will reappear after each reboot of the device.

The researchers posit that the attackers who did this are from China, as much of the Trojan’s code is written in Chinese, its C&C server is registered in Shenzhen, and the manufacturers of tablets are all from China.

“According to our rough estimation, at least 17,233 infected tablets have been delivered to customers hands,” they noted, but added that since many tablets are not protected by AV apps, the number could be much greater. “These tablets share some similarities that all of them are low-priced and manufactured by nameless small-scale workshops.”

The devices have been shipped around the world, but Mexican, USA and Turkish buyers were most hit.

The researchers have notified Amazon and other online retailers of the problem, and have advised manufacturers to investigate their system firmware. They have yet to receive a response from the latter, and they doubt they will.

Retailers could solve this problem by vetting more strictly the manufacturers whose products they sell, but buyers shouldn’t count on that entirely, and should do their own checking before buying things.

Users who have bought one of these devices can follow these steps to remove the malware.