Security Warning: Malware in Budget “No-Name” Smartphones (Alps, Soyes, Lingbo)

Dear Partners,

Recently, we have noticed an increase in the use of budget Chinese smartphones from unknown brands (so-called “no-names”) for working with 1टीपी1टी. Among them are Alps XS15, Alps S23 Pro, Alps P70 Pro Max, Alps 16 Pro, Soyes XS11, Lingbo G24 mini, and others. These devices often contain malicious code (such as the Guerrilla or Triada trojans) embedded in their firmware.

We are compelled to warn you about the dangers as this directly affects your earnings.

Facts about infected devices:

• According to Heimdal Security, nearly 9 million Android devices are infected with the “Guerrilla” malware.
• Red Sky Alliance reports that the Triada trojan is used to control millions of smartphones.
• According to CybersecurityTribe, a single cybercriminal group controls millions of devices in 180 countries.
• Malicious software can:
  • Intercept SMS messages with one-time passwords;
  • Set up reverse proxy servers;
  • Hijack WhatsApp and other messenger sessions;
  • Register accounts without the user’s knowledge

What are the risks?

1. Automatic account registration.
   As soon as you insert a SIM card into such a smartphone, the malicious software begins registering accounts in services (WhatsApp, Facebook, Tinder, JingDong, etc.) without your knowledge. You won’t see the SMS with codes, but they are intercepted and sent to malicious actors.

2. Numbers become unsuitable for rent.
   If technical support informs you that your numbers are already spammed with registrations, they cannot be rented out to clients. This means unwanted losses—you will have to buy new SIM cards and devices.

3. Problems with “cleaning” numbers.
   You can try to manually delete accounts registered with your numbers (check the list of services with technical support). However, this does not guarantee success:
   • Accounts may have two-factor authentication (2FA) enabled.
   • If a service (such as WhatsApp) detects suspicious activity, it may permanently block the number.

4. Additional threats from trojans.
   In addition to intercepting SMS, malicious software can:
   • Install intrusive ads;
   • Steal account data (for example, cookies from Facebook);
   • Use your device for fraudulent schemes.

5. Risk of rating decrease in Sharing SMS.
   If such cases of number compromise occur frequently, your rating in the service may decrease, which will directly affect your earnings.
   

What should you do?

• Use smartphones from well-known and trusted manufacturers, such as Samsung, Xiaomi, ZTE, and others.
• Avoid budget “no-name” Chinese smartphones—the malicious code is embedded at the firmware level and cannot be removed by antivirus software.
• Do not neglect screen lock. Setting a password, pattern, fingerprint, or face recognition on the device helps prevent unauthorized access to data in case of theft or loss.
• If technical support warns you about spammed numbers, replace them with new ones, installing them in reliable devices, or try to clean the numbers (delete accounts in the specified services and send confirming screenshots).

The only positive scenario for using a budget “no-name” smartphone is if the malicious software could not determine the SIM card phone number (some operators block this capability). In this case, the risk is lower, but there is no full guarantee of security.

Important to remember!

Using infected devices is your conscious risk. 1टीपी1टी service does not compensate for losses related to the replacement of SIM cards and devices.

Useful materials:

• Trend Micro: Trojans in pre-installed devices
• Heimdal Security: 9 million infected devices
• BleepingComputer: Cybercriminals infect millions of Android devices
• CybersecurityTribe: Lemon Group infected millions of smartphones