Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Malware

Once again Android Smartphone from China with pre-installed malware

Security Experts at German G Data discovered that a popular Chinese Android Smartphone, Star N9500, comes with a pre-installed spyware. It’s not a mystery that many Android Smartphone comes with pre-installed applications, unfortunately some of them could hide an ugly surprise for the owner, a malware that can steal user’s data. In April the Chinese TV […]

Once again Android Smartphone from China with pre-installed malware

Security Experts at German G Data discovered that a popular Chinese Android Smartphone, Star N9500, comes with a pre-installed spyware.

It’s not a mystery that many Android Smartphone comes with pre-installed applications, unfortunately some of them could hide an ugly surprise for the owner, a malware that can steal user’s data.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphone were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService, researchers at Kaspersky identified the pre-installed malware as Trojan.AndroidOS.Uupay.a, an insidious agent that interacts with other resident Android apps to steal mobile info, push ads and download the specific web content, including other apps from unofficial stores.

The event seems to have repeated again, experts at the German security firm G Data discovered that a popular Chinese Android Smartphone comes with a pre-installed spyware that could be used to syphon users’ personal data and spy on the owner’s conversations, sending all the stolen information to an anonymous server located in China.

This makes it possible to retrieve personal data, intercept calls and online banking data, read emails and text messages or control the camera and microphone remotely. The affected model “N9500” is produced by the Chinese manufacturer Star and looks very similar to a smartphone from a well-known manufacturer.” from a well-known manufacturer. ” states G Data in a blog post published on its website.

The affected model “N9500” is produced by the Chinese manufacturer Star and looks very similar to the Samsung Galaxy S4, it can be easily found on different online retailers such as eBay and Amazon for no more of 165 Euro.

Star N9500 is very popular on the Chinese market, the spyware detected by the security firm is Uupay.D Trojan horse that tries to deceive victims masquerading itself as a version of the Google Play Store.

Also in this case the malware is used to provide the attackers a complete control of the device, allowing the remote installation of further malicious apps and the data stealing. The spyware implements features to copy users’ data, record calls automatically, act as an environment bug activating the microphone and send SMS to premium services.
“The spy function is invisible to the user and cannot be deactivated,” reads the blog post published yesterday. “This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.”
The bad news is that it is not possible to remove the manipulated app and the spyware since they are integrated into the firmware, the malware also blocks any security updates as  afurther protection mechanism.
Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted,” said Christian Geschkat, Product Manager at G Data. “This includes the fake Google Play Store app of the N9500.

Android pre-installed malware

According the experts the cheap price of the mobile and the extensive accessories offered, are the element of attractive for users.

“The security experts at G DATA think that the low price of the mobile device is made possible by the subsequent selling of data records stolen from the smartphone owner. “In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch,” advises Christian Geschkat.” states the post.

Users have Install Mobile Antivirus on their device to detect this and other malware, be wary of Chinese products for which there is no guarantee of the security of the supply chain.

Mobile users affected by the pre-installed malware have to return the device back to the seller.

Pierluigi Paganini

(Security Affairs –  pre-installed malware, spyware)