Android devices made by Lenovo have been found to contain pre-installed malware that can install arbitrary software and display ads.
Russian security vendor Dr Web analysed a group of 28 budget Android devices and found that they had downloader malware installed in firmware.
The malware comes as part of the pre-installed Rambla application, and is added to another encrypted program module, Android.Sprovider.12.origin, Dr Web said.
When active, the Trojan horse can perform a variety of actions. These include downloading and installing Android APK files with users' permission, making phone calls, displaying advertisements, and updating itself.
Dr Web warned that cybercriminals use malware like the above to fraudulently boost application download statistics and distribute adware.
"Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users," the security vendor said.
Users of the affected Lenovo and other Android devices should contact the manufacturers in question to obtain updated firmware that does not contain malware, Dr Web suggested.
Last year, Lenovo was forced to stop pre-installing the Superfish adware on Windows PCs due to the massive security risk it posed to users. Lenovo also came under fire after an uninstallable and insecure BIOS rootkit on its PCs would download and install bloatware on clean Windows set-ups.
iTnews has contacted Lenovo for comment on the issue.