

CoolReaper, a Backdoor in Millions of Coolpad Android Devices

Palo Alto Networks discovered that the software installed on many of Coolpad's high-end Android phones includes a backdoor, dubbed CoolReaper.

The US security firm Palo Alto Networks has discovered that millions of Android smartphones sold by the Chinese smartphone maker Coolpad Group Ltd. may contain a "backdoor", dubbed CoolReaper, that allows users to be tracked.

Palo Alto Networks released a research paper yesterday, Wednesday, detailing its investigation into the CoolReaper backdoor.

The backdoor does much more than tracking: it could be exploited to push unwanted pop-up advertisements and to install unauthorized apps onto users' mobile devices. CoolReaper gives the operator complete control of the Android device.


Coolpad customers have reported suspicious activity related to the presence of the backdoor, but their complaints were ignored by the company. The impact could be serious: more than 10 million users worldwide are affected by the presence of CoolReaper on their mobile devices.

“Coolpad is the sixth largest manufacturer of smartphones in the world, and the third largest in China. We recently discovered that the software installed on many of Coolpad’s high-end Android phones includes a backdoor which was installed and operated by Coolpad itself.” states the paper.

The experts reviewed multiple copies of the stock ROMs used on Coolpad smartphones sold in China and discovered that the majority of the ROMs were affected by the CoolReaper backdoor.

The report has listed the features implemented by the CoolReaper backdoor:

  • Download, install, or activate any Android application without user consent or notification
  • Clear user data, uninstall existing applications, or disable system applications
  • Notify users of a fake over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications
  • Send or insert arbitrary SMS or MMS messages into the phone
  • Dial arbitrary phone numbers
  • Upload information about device, its location, application usage, calling and SMS history to a Coolpad server
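The capability list above maps directly onto Android permissions that a preinstalled package would need to hold. The script below is an added example, not code from the article or from Palo Alto Networks' report: it parses a simplified, hand-written excerpt in the style of `adb shell dumpsys package` output (constructed for this example, not captured from a Coolpad device) and flags packages living under `/system/` whose granted permissions cover several of those capabilities at once. The package names, code paths and permission sets in the sample are assumptions; the permission-to-capability mapping uses standard framework permission names, which the article itself does not list.

```python
"""Triage a dumpsys-package-style dump for preinstalled packages holding the
permission combinations implied by the CoolReaper feature list (silent
install/uninstall, SMS/MMS injection, dialing, location and call/SMS
history upload).  Added example; the sample dump is constructed, not real."""
import re

# Assumption: each capability from the report's list needs at least one of
# these standard Android permissions.  The article names no permissions.
CAPABILITY_PERMS = {
    "silent install": {"android.permission.INSTALL_PACKAGES"},
    "uninstall/disable apps": {"android.permission.DELETE_PACKAGES",
                               "android.permission.CHANGE_COMPONENT_ENABLED_STATE"},
    "send SMS/MMS": {"android.permission.SEND_SMS", "android.permission.WRITE_SMS"},
    "dial numbers": {"android.permission.CALL_PHONE"},
    "exfiltrate location/usage": {"android.permission.ACCESS_FINE_LOCATION",
                                  "android.permission.READ_CALL_LOG",
                                  "android.permission.READ_SMS",
                                  "android.permission.INTERNET"},
}

# Constructed, simplified excerpt in the shape of `dumpsys package` output.
# Package names and paths are hypothetical.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.vendorsvc] (1a2b3c):
    codePath=/system/priv-app/VendorSvc
    install permissions:
      android.permission.INSTALL_PACKAGES: granted=true
      android.permission.DELETE_PACKAGES: granted=true
      android.permission.SEND_SMS: granted=true
      android.permission.CALL_PHONE: granted=true
      android.permission.READ_CALL_LOG: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.INTERNET: granted=true
  Package [com.example.weather] (4d5e6f):
    codePath=/data/app/com.example.weather-1
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=true
  Package [com.example.launcher] (7a8b9c):
    codePath=/system/app/Launcher
    install permissions:
      android.permission.INTERNET: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PATH_RE = re.compile(r"^\s*codePath=(\S+)")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")


def parse_dumpsys(text):
    """Return {package: {"path": str, "perms": set}} from a dumpsys-style dump."""
    pkgs = {}
    current = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            pkgs[current] = {"path": "", "perms": set()}
            continue
        if current is None:
            continue
        m = PATH_RE.match(line)
        if m:
            pkgs[current]["path"] = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m:
            pkgs[current]["perms"].add(m.group(1))
    return pkgs


def capabilities(perms):
    """Sorted names of listed capabilities the permission set could support."""
    return sorted(cap for cap, need in CAPABILITY_PERMS.items() if need & perms)


def triage(text, min_caps=3):
    """Flag /system packages whose permissions cover >= min_caps capabilities.

    Preinstalled packages are the relevant population: the report describes a
    backdoor shipped in the stock ROM, which the user cannot uninstall.  A
    third-party app with the same permissions shows up in the normal Settings
    UI and is out of scope for this heuristic."""
    hits = {}
    for name, info in parse_dumpsys(text).items():
        if not info["path"].startswith("/system/"):
            continue
        caps = capabilities(info["perms"])
        if len(caps) >= min_caps:
            hits[name] = caps
    return hits


if __name__ == "__main__":
    for pkg, caps in triage(SAMPLE_DUMP).items():
        print(f"{pkg}: {', '.join(caps)}")
```

On a real device the input would come from `adb shell dumpsys package` over a trusted connection; a hit is only a starting point for reviewing the package, since legitimate vendor services can hold broad permissions too.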

The experts explained that CoolReaper is the first malware they have seen that was built and operated by an Android device manufacturer.

“The changes Coolpad made to the Android OS to hide the backdoor from users and antivirus programs are unique and should make people think twice about the integrity of their mobile devices. Some mobile carriers install applications that gather usage statistics and other data on how their devices are performing. CoolReaper goes well beyond this type of data collection and acts as a true backdoor into Coolpad devices.”

Coolpad has also modified the Android OS present in several ROMs to hide CoolReaper components from the user and from other applications operating on the mobile devices.

“These modifications make the backdoor much more difficult for antivirus programs to detect.”

It’s not the first time that Chinese smartphone manufacturers have been accused of shipping backdoors in their products: other popular devices, such as Xiaomi handsets and the Star N9500 smartphone, were found to contain malicious code.

Pierluigi Paganini

(Security Affairs – CoolReaper, Coolpad)