Tecno Phones Vulnerability

Mobile Networks and Telephones
Advisory ID:
August 27, 2020


Researchers has discovered critical security risk with Tecno Android phones which has a pre-installed malware called Triada. Malware which signed users up to subscription services without their permission was discovered on thousands of Tecno mobile phones sold in Africa. Anti-fraud firm Upstream found the malicious code on Tecno handsets sold in Ethiopia, Cameroon, Egypt, Ghana and South Africa.

Description & Consequence

The malware arrives pre-installed on handsets that are bought in their millions by typically low-income households. The malware found on android smartphones installs malicious code known as xHelper which then finds subscription services and submits fraudulent requests on behalf of users, doing so invisibly and without the user’s knowledge. About 200,000 Tecno smartphones are affected even though this threat was only found on 53,000 phones. It was discovered that over 19.2 million suspicious transactions has been recorded since march 2019 from over 200,000 unique devices. The xHelper Trojan persists across reboots, app removals and even factory resets, making it extremely difficult to deal with.

If the request is successful, it consumes pre-paid airtime and mobile data, and then registers people for unwanted subscriptions without their knowledge which is the only way to pay for digital services in many developing countries.


Tecno Mobile claimed that the issue was “an old and solved mobile security issue globally” to which it issued a fix. Tecno has also claimed it has measures in place to prevent the re-occurrence of such security risk by ensuring that installed software on each device runs through a series of rigorous security checks. Smartphone users are expected to carry out regular and periodical system upgrade to protect themselves from unsuspected threats of this kind.



Related Articles