A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps.
UPDATE: January 10, 2020
At time of original publication, we were not yet able to replicate the malware Android./Trojan.HiddenAds being dropped on our test device, though multiple users had reported that a variant of HiddenAds suddenly installed on their UMX mobile phone.
As of today, we are now able to report that our UMX U683CL test phone has become infected with a variant of HiddenAds we detect as Android/Trojan.HiddenAds.WRACT. This variant has been observed in the wild since spring 2019. It runs silently in the background and does not create an app icon. Evidence of its running in the background can be seen in the mobile device’s notifications. A notification box that changes its title name is highlighted below in red.