Researchers at Malwarebytes have uncovered malware pre-installed on phones offered under the US government-funded Lifeline Assistance program.

Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget-friendly option at only $35 under the scheme. However, users are getting more than they bargained for. An app called Wireless Update is designed to update the phone's OS but can also install other apps without consent.

The app is a variant of Adups, created by a China-based company caught collecting user data, creating backdoors for mobile devices and, yes, developing auto-installers.

Unfortunately this isn't the only problem. The device's own Settings app functions as a heavily-obfuscated malware detected by Malwarebytes as Android/Trojan.Dropper.Agent.UMX. It gets worse too, because the app serves as the dashboard from which settings are changed, so removing it would leave the device unusable.

Writing on the company's blog, Nathan Collier, senior malware intelligence analyst at Malwarebytes says:

Although we do have a way to uninstall pre-installed apps for current Malwarebytes users, doing so on the UMX has consequences. Uninstall Wireless Update, and you could be missing out on critical updates for the OS. We think that's worth the tradeoff, and suggest doing so. But uninstall the Settings app, and you just made yourself a pricey paper weight. We do offer an attempt to remediate such pre-installed malware in our blog: The new landscape of pre-installed mobile malware: malicious code within.

It's often a risk with budget devices that they may harbor hidden threats, but it's worrying that these phones are being supplied under a government-backed scheme. Malwarebytes contacted Assurance Wireless with its findings but has not received a response.

You can find out more on the Malwarebytes blog.

Photo credit: LoveFreedom / Shutterstock