Antivirus software vendor Avast said it has discovered adware pre-installed on “several hundred” different Android device models and versions.
In a blog post penned by Avast resident mobile security experts Vojtech Bocek and Nikolaos Chrysaidos, the company said a number of the devices affected are from manufacturers like ZTE and Archos, with the majority not certified by Google.
Avast said the adware was previously described by fellow antivirus provider Dr. Web and goes by the name of “Cosiloon”.
“The adware creates an overlay to display an ad over a webpage within the users’ browser,” the blog post read.
“The adware has been active for at least three years, and is difficult to remove as it is installed on the firmware level and uses strong obfuscation.”
Avast added that thousands of devices had been affected, with the past month alone seeing some 18,000 affected devices spread across more than 100 countries including Russia, Italy, Germany, the UK, as well as some in the US.
“We are in touch with Google and they are aware of the issue. Google has taken steps to mitigate the malicious capabilities of many app variants on several device models, using internally developed techniques,” Avast said.
“Google Play Protect has been updated to ensure there is coverage for these apps in the future.”
Google has also reached out to the device manufacturers’ firmware developers to bring awareness to these concerns and encouraged them to take steps to address the issue.