Some Alcatel phones manufactured by TCL were found to be preloaded with a malicious version of the weather app. TCL has well-known brands such as Alcatel, Blackberry and Palm. It pre-installed its own weather application Weather Forecast-World Weather Accurate Radar on Alcatel phones, which is also available to other users through the Google App Store.
The apps pre-installed on the device and available in the Play Store were infected with malicious programs, and it is still unclear how malicious programs enter the app.
Mobile security company Upstream released a report saying that the app collects user data and sends it to a server in China. The data collected includes geographic location, email address, and IMEI code. Upstream also found that in some areas, the application of hidden malicious code would attempt to subscribe users to premium phone numbers that incurred large charges on users’ phone bills.
In addition, when the app is running in the background, it will launch a hidden browser window and load the page to click on the ad. The affected Alcatel phone models are the Pixi 4 and A3 Max.