Anti-fraud firm Upstream said it has found Malware which signs users up to subscription services without their permission on thousands of Chinese mobile phones sold in Africa.
The malicious code on 53,000 Tecno handsets were sold in Ethiopia, Cameroon, Egypt, Ghana and South Africa, according to the group.
But in total, Upstream found what it described as “suspicious activity” on more than 200,000 Tecno smartphones.
Manufacturer Transsion told Buzzfeed the malware was installed in the supply chain without its knowledge.
According to Upstream, its investigations showed that the code was taking advantage of the “most vulnerable”.
For example the Triada malware found on the Android smartphones installs malicious code known as xHelper.
The code then finds subscription services and submits fraudulent requests on behalf of users, doing so invisibly and without the user’s knowledge.
Should the request be successful, it then consumes pre-paid airtime for users in many developing countries.
The head of Upstream’s Secure-D platform, Geoffrey Cleaves said “The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against.”
Tecno Mobile has told the BBC in a statement that the issue was “an old and solved mobile security issue globally” to which it issued a fix in March 2018.
“For current W2 consumers that are potentially facing Triada issues now, they are highly recommended to download the over-the-air fix through their phone for installation or contact Tecno’s after-sales service support for assistance in any questions,” the firm told the BBC in a statement.