Two Oct 2017 microprocessor chipset vulnerabilities have been used on phones manufactured through July 2019, that allow Foreign Bad Actor APT groups to develop cofe, base… (funda kabanzi)
Two Oct 2017 microprocessor chipset vulnerabilities have been used on phones manufactured through July 2019, that allow Foreign Bad Actor APT groups to develop cofe, based on reverse engineered Open Source code, to download multiple apps, including browsets, GBoard and other alternative keyboards, and communications apps (Gmail, text and messaging, phone ) applications.
These copy apps run in the OS at startup (using a thumbnail hackede Opera version - but not the expected Opera Mini version for Android), and are oberved as duplicates when clearing app cache, as repeating application responses to a command. They also appear as phantom duplicate app notifications, in Rent Apps List toggles, and hidden apps in hacked desktop Launchers)
The malware payload launcher may also be appended to poorly written apps, from third party app stores, but also from malware originating from Chinese made inexpensive phones with continued 2017 chipset vulnerabilities, eg older chipsets not soft patched or replaced eith hardcoded newer code.
Perhaps authenticator checks buried in code, could alert users of duplicated browsers, as all other FF privacy protections are nulled by these hijacks.