传音在非洲销售手机预装恶意软件被抓包，中国式全家桶出海？

国内的安卓手机用户最头疼的往往是各种预装软件及“全家桶”，国外因为有谷歌官方商店的原因，软件环境比国内好很多。没想到最近非洲手机之王，中国传音旗下的手机被发现预装了恶意软件，会偷偷下载及订阅各种服务，还被广泛报道。传音辩称是供应商的问题，但真实情况如何就不得而知了。

China’s Tecno sold thousands of smartphones with malware in Africa

中国传音旗下品牌在非洲销售的多部手机被发现有恶意软件

Software that eats up mobile data and registers people for unwanted subscriptions has been found pre-installed on thousands of low-cost Chinese smartphones in Africa more than two years after it was first detected.

中国廉价智能手机公司在非洲销售手机在两年多前就被发现预装了恶意软件，但直到现在问题还存在。最近不少传音手机被发现预装了会耗尽客户的数据流量、并偷偷订阅客户不需要服务的恶意软件。

The Triada malware signs mobile users up to subscription services without their permission and has been discovered on Tecno W2 smartphones in countries such as Ethiopia, Ghana, Cameroon and South Africa, according to a report published this week in partnership with BuzzFeed.

科技媒体BuzzFeed本周联合发布的一份报告显示，传音在埃塞俄比亚、加纳、喀麦隆和南非销售的W2智能机预装了一款名为Triada的恶意软件，这款软件会在没有得到用户允许的情况下订阅某些服务。

Secure-D, the anti-fraud platform that conducted the research, recorded 19.2 million suspicious transactions since March 2019 from over 200,000 unique devices. “The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against,” said managing director, Geoffrey Cleaves.

防欺诈平台Secure-D进行了相关的调查后报告称其自2019年3月以来发现了1920万笔来自超过20万部该型号手机的可疑记录。平台总监杰弗里·克里夫说：“购买这些预装了恶意软件的手机的用户通常是低收入家庭，目前手机的总销量已经达到数百万部，这也反应了预装恶意软件的行为是这个行业目前面临的一大问题。”

“This particular threat takes advantage of those most vulnerable,” he added.

“这种行为实际上是在占最脆弱的那群用户的便宜。”他补充道。

China’s Transsion Holdings manufactures the Android devices, which dominate Africa’s smartphone market with a 41% share, according to market research firm IDC. Shenzhen-based Transsion, which listed on China’s version of the Nasdaq last year, has ignored its home market to focus almost exclusively on the continent. It sells more affordable handsets than rivals such as Samsung (SSNLF) and Apple (AAPL) under the brand Tecno Mobile.

据市场调查公司IDC数据显示，中国传音控股生产的安卓手机在非洲市场占有统治地位，市场份额达到41%。这家深圳公司去年在中国版纳斯达克上市，公司产品并未在中国销售，市场几乎集中在非洲大陆。和三星及苹果等竞争对手相比，传音旗下的Tecno品牌手机价格更有竞争力。

In a statement to CNN Business, Tecno Mobile said the problem “was an old and solved mobile security issue globally” for which it issued a fix in March 2018. Consumers currently experiencing difficulties should download the fix through their phones or contact after sales support, it added.

在向CNN财经发来的一份声明中，传音旗下的Tecno称“这是一个之前已经在全球解决了的手机安全老问题”，其在2018年3月就发布了修复，目前仍有问题的消费者可以通过下载该修复工具或联系售后解决。

Transsion blamed an “unidentified vendor in the supply chain process,” according to BuzzFeed.

BuzzFeed称传音将问题的原因归咎于“其供应链上某家不具名的上游厂商”。

Triada malware installs a piece of code known as xHelper onto compromised devices, automatically subscribing users without their knowledge to services that consume pre-paid airtime — the only way to pay for digital products in many developing countries.

Triada这款恶意软件会在手机中植入一款名为xHelper的代码，在用户不知情的情况下自动订阅会消耗用户流量的服务——在很多发展中国家，流量是用户获取数据服务的唯一途径。

“The xHelper trojan persists across reboots, app removals and even factory resets, making it extremely difficult to deal with even for experienced professionals, let alone the average mobile user,” Secure-D said in a statement.

“哪怕重启设备、删除该应用甚至恢复出厂设置，xHelper木马仍然存在。即便是有经验的专业人员也很难彻底解决，更别提普通用户了。”Secure-D平台在一份声明中指出。

The company’s investigation found evidence in code and traffic data to link at least one of the xHelper components to fraudulent subscription requests via Transsion’s Tecno W2 handset. Its analysis was carried out on phones from existing users and newly purchased handsets. No signs of Triada malware were found to affect other mobile phones manufactured by Transsion, Secure-D said.

Secure-D通过调查代码及数据还发现xHelper欺诈性订阅的请求与传音旗下Tecno品牌的W2型号手机有关。这项调查涉及到市场存量用户及新购机用户，目前除了W2之外，还未在传音生产的其它手机上发现Triada这款恶意软件。

In a 2016 blog post, Google, which developed the Android operating software, attributed the presence of Triada to the actions of third-party suppliers within the production process.

实际上，安卓系统开发商谷歌在2016年的一篇博客中就将Triada之类恶意软件的存在归咎于供应链上的一些第三方供应商。

“We have always attached great importance to consumers’ data security and products safety,” said Tecno Mobile. “Every single software installed on each device runs through a series of rigorous security checks,” it added, noting that security updates are periodically sent to mobile users.

Tecno移动在声明中说“我们一直都非常重视用户的数据安全及产品可靠性。所有预装在设备上的软件都经过一系列严格的安全检查”，并补充说其定期会向用户推送安全更新。

来源：双语资讯读世界