Some Android phones that are sold to low-income people who participate in the federally subsidized Lifeline program come laden with two types of potential malware, according to a new report by security company Malwarebytes.
The phone -- model UMX U686CL, offered through Virgin Mobile's Assurance Wireless for just $35-- comes with an app that automatically installs other apps without users' consent, according to Malwarebytes. The apps are initially free of malware, but could become malicious as a result of future updates, according to Malwarebytes.
The phone also comes with software that appears to pave the way for “HiddenAds” -- malware that serves ads.
Malwarebytes says it began investigating the phones several months ago, after seeing complaints about pre-installed apps.
The company says it reached out to Assurance Wireless to ask about the “pre-installed malware,” but didn't receive a response.
Assurance Wireless has not yet responded to MediaPost's request for comment.
The Assurance Wireless program is subsidized by the federal Lifeline program, which aims to help low-income people connect via telephone and broadband.
Federal Communications Commissioner Jessica Rosenworcel on Thursday called for an investigation.
“The @FCC funds a program to help low-income folks get access to wireless service. This makes sense,” she tweeted. “But it does not makes sense to have them pay for it by accepting insecure foreign malware. We need to get to the bottom of what is going on here--fast.”