Once again Android Smartphone from China with pre-installed malware

Pierluigi Paganini June 17, 2014

Security Experts at German G Data discovered that a popular Chinese Android Smartphone, Star N9500, comes with a pre-installed spyware.

It’s not a mystery that many Android Smartphone comes with pre-installed applications, unfortunately some of them could hide an ugly surprise for the owner, a malware that can steal user’s data.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphone were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService, researchers at Kaspersky identified the pre-installed malware as Trojan.AndroidOS.Uupay.a, an insidious agent that interacts with other resident Android apps to steal mobile info, push ads and download the specific web content, including other apps from unofficial stores.

The event seems to have repeated again, experts at the German security firm G Data discovered that a popular Chinese Android Smartphone comes with a pre-installed spyware that could be used to syphon users’ personal data and spy on the owner’s conversations, sending all the stolen information to an anonymous server located in China.

This makes it possible to retrieve personal data, intercept calls and online banking data, read emails and text messages or control the camera and microphone remotely. The affected model “N9500” is produced by the Chinese manufacturer Star and looks very similar to a smartphone from a well-known manufacturer.” from a well-known manufacturer. ” states G Data in a blog post published on its website.

The affected model “N9500” is produced by the Chinese manufacturer Star and looks very similar to the Samsung Galaxy S4, it can be easily found on different online retailers such as eBay and Amazon for no more of 165 Euro.

Star N9500 is very popular on the Chinese market, the spyware detected by the security firm is Uupay.D Trojan horse that tries to deceive victims masquerading itself as a version of the Google Play Store.

Also in this case the malware is used to provide the attackers a complete control of the device, allowing the remote installation of further malicious apps and the data stealing. The spyware implements features to copy users’ data, record calls automatically, act as an environment bug activating the microphone and send SMS to premium services.
“The spy function is invisible to the user and cannot be deactivated,” reads the blog post published yesterday. “This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.”
The bad news is that it is not possible to remove the manipulated app and the spyware since they are integrated into the firmware, the malware also blocks any security updates as  afurther protection mechanism.
Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted,” said Christian Geschkat, Product Manager at G Data. “This includes the fake Google Play Store app of the N9500.

Android pre-installed malware

According the experts the cheap price of the mobile and the extensive accessories offered, are the element of attractive for users.

“The security experts at G DATA think that the low price of the mobile device is made possible by the subsequent selling of data records stolen from the smartphone owner. “In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch,” advises Christian Geschkat.” states the post.

Users have Install Mobile Antivirus on their device to detect this and other malware, be wary of Chinese products for which there is no guarantee of the security of the supply chain.

Mobile users affected by the pre-installed malware have to return the device back to the seller.

Pierluigi Paganini

(Security Affairs –  pre-installed malware, spyware)



you might also like

leave a comment