Hundreds of brand new Android phones are being sold already preloaded with malware, it has been claimed.

Avast Threat Labs said it has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE, Archos, and myPhone.

The malware displays ads, and is also believed to send user data to servers.

Scroll down for video

Avast Threat Labs said it has found adware pre-installed on several hundred different Android devices, including those from manufacturers like ZTE, Archos, and myPhone. The malware displays ads, and is also believed to send user data to servers.

WHAT HAPPENS IF YOUR PHONE IS INFECTED? The adware goes by the name 'Cosiloon.' It creates an overlay to display an ad over a webpage within the users' browser. Thousands of users are affected, and in the past month alone Avast said it had seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries including Russia, Italy, Germany, the UK, as well as some users in the U.S. Many of the affected handsets were also infected with two more malware packages, all capable of showing apps, installing additional APKs from the internet and submitting private data such as IMEI, Mac address and phone number to remote servers. Advertisement

'The adware we analyzed has previously been described by Dr. Web and goes by the name 'Cosiloon,' the firm said.

The adware has been active for over three years, and creates an overlay to display an ad over a webpage within the users' browser.

It is particularly difficult to remove as it is installed on the firmware level.

'Thousands of users are affected, and in the past month alone we have seen the latest version of the adware on around 18,000 devices belonging to Avast users located in more than 100 countries including Russia, Italy, Germany, the UK, as well as some users in the U.S.,' Avast said in a blog post.

It has made Google aware of the issue, but as the apps come pre-installed with the firmware, the problem is difficult to address.

Google 'has taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques,' according to Avas.

Several hundred different devices are believed to be affected and includes devices from brands like Archos, ZTE, myPhone, and Prestigio.

ZTE 'IS A SECURITY THREAT' Secretary of State Mike Pompeo has acknowledged security concerns on Thursday that have been leveled at a Chinese telcom firm that President Trump offered to help as a favor to Xi Jinping. The company, ZTE, is facing stiff punishment for violating sanctions against Iran and North Korea that would cripple the U.S. branch of the business. Trump directed his Commerce Department secretary to look into the situation and consider a lesser penalty as a concession to China as he zeroed in on a possible trade deal. Secretary of State Mike Pompeo acknowledged security concerns on Thursday that have been leveled at a Chinese telcom firm that President Trump offered to help as a favor to Xi Jinping His order drew howls from politicians on the left and the right who argued that not only is ZTE a lawbreaker, the company that produces smart phones is a national security threat because it could be a vehicle for Chinese spying. Pompeo told lawmakers on the House Foreign Affairs Committee as the topic came up, 'We're gonna get this right. We're gonna reduce the risk from ZTE to America.' Advertisement

A full list can be found here.

The list is so extensive because the malware was part of a chipset platform package which is reused for many similar devices with different brand names.

Google, Facebook, and Baidu ad frameworks were present in the payload, and in Avast's tests, the researchers were 'offered downloads of questionable games from the Baidu network.'