Article Details
Scrape Timestamp (UTC): 2025-11-13 13:05:00.957
Original Article Text
Popular Android-based photo frames download malware on boot

Uhale Android-based digital picture frames come with multiple critical security vulnerabilities, and some of them download and execute malware at boot time.

Mobile security company Quokka conducted an in-depth security assessment on the Uhale app and found behavior suggesting a connection with the Mezmess and Vo1d malware families.

The researchers reported the issues to ZEASN (now ‘Whale TV’), the Chinese firm behind the Uhale platform used in the digital picture frames of numerous different brands, but received no reply to multiple notifications since May.

Automatic malware delivery

Starting with the most alarming findings, many of the analyzed Uhale photo frames download malicious payloads from China-based servers at boot.

“Upon booting, many investigated frames check for and update to the Uhale app version 4.2.0,” Quokka researchers say in the report.

“The device then installs this new version and reboots. After the reboot, the updated Uhale app initiates the download and execution of malware.”

The downloaded JAR/DEX file, which is saved under the Uhale app’s file directory, is loaded and executed at every subsequent boot.

The devices that Quokka examined had the SELinux security module disabled, came rooted by default, and had many system components signed with AOSP test-keys.

The researchers found evidence linking the downloaded payloads to the Vo1d botnet and Mezmess malware families, based on package prefixes, string names, endpoints, delivery workflow, and artifact locations. However, it is unclear how the devices got infected.

Multiple security gaps

Aside from the malware delivery, which did not occur on all Uhale-branded picture frames, the researchers also discovered more than a dozen vulnerabilities.
Among the 17 security issues that Quokka discloses in the report, 11 of which have CVE-IDs assigned, below are the most significant:

Since most of these products are marketed and sold under various brands without mentioning the platform they use, it is difficult to estimate the exact number of potentially impacted users.

The Uhale app has more than 500,000 downloads on Google Play and 11,000 user reviews in the App Store. Uhale-branded photo frames on Amazon have nearly a thousand user reviews.

BleepingComputer has independently contacted ZEASN with a request for comment, but we have not received a response by publication time.

It is recommended that consumers only buy electronic devices from reputable brands that use official Android images without firmware modifications, Google Play services, and built-in malware protections.
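The article lists three device-level weaknesses on the examined frames: SELinux disabled, root by default, and AOSP test-keys. As an added example (not from Quokka's report or the article), the Python below checks a device you own for those conditions from saved output of `adb shell getprop`, `adb shell getenforce` and `adb shell command -v su`. The `ro.debuggable` and `ro.secure` checks are extra root indicators assumed here, and the sample input is constructed.

```python
import re

# One line of `adb shell getprop` output looks like: [key]: [value]
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

def parse_getprop(text):
    """Parse getprop output into a dict; lines in another shape are skipped."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props

def audit_device(getprop_text, getenforce_text, su_path_text):
    """Return {finding_id: detail} for the weaknesses the article lists."""
    props = parse_getprop(getprop_text)
    findings = {}
    mode = getenforce_text.strip() or "no output"
    if mode.lower() != "enforcing":
        findings["selinux"] = f"SELinux not enforcing (getenforce: {mode})"
    tags = props.get("ro.build.tags", "")
    if "test-keys" in tags.split(","):
        findings["test-keys"] = f"build signed with test keys (ro.build.tags={tags})"
    if su_path_text.strip():
        findings["su"] = f"su binary on PATH: {su_path_text.strip()}"
    # Assumed extra indicators of a root-by-default build (not from the article).
    if props.get("ro.debuggable") == "1":
        findings["debuggable"] = "ro.debuggable=1 (userdebug/eng-style build)"
    if props.get("ro.secure") == "0":
        findings["insecure-adbd"] = "ro.secure=0 (adbd runs as root)"
    return findings

# Constructed sample input, not captured from a real frame.
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""

if __name__ == "__main__":
    report = audit_device(SAMPLE_GETPROP, "Disabled", "/system/xbin/su")
    for key, detail in report.items():
        print(f"[!] {key}: {detail}")
```

An empty result means none of these indicators were present in the captured output; it does not show that the firmware is free of a boot-time downloader like the one described above.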
Daily Brief Summary
Quokka's security assessment reveals Uhale digital photo frames download malware at boot, with connections to Mezmess and Vo1d malware families.
The malware is delivered from China-based servers, exploiting the device's automatic update process to install malicious payloads.
Devices are vulnerable due to disabled SELinux security, default rooting, and use of AOSP test-keys, facilitating malware execution.
Despite multiple notifications since May, ZEASN, the company behind Uhale, has not responded to security concerns raised by researchers.
The Uhale app, with over 500,000 downloads on Google Play, poses a significant risk due to its widespread use across various brands.
Quokka identified 17 security issues in the Uhale platform, 11 of which have CVE-IDs assigned; because the products are sold under various brands without naming the platform, the number of affected users is difficult to estimate.
Consumers are advised to purchase electronic devices from reputable brands with official Android images and robust security measures.