Cheap Android phone comes shipped with spyware

Posted by   Virus Bulletin on   Jun 19, 2014

Trojan masquerades as Google Play app; cannot be removed.

Researchers at German security firm G Data have discovered Android smartphones that come shipped with spyware.

The phone is the N9500 from Chinese manufacturer Star, which appears to be very similar to the popular Samsung S5, but with a much lower price tag. Following reports from customers, G Data researchers decided to purchase the phone and confirmed that it contained the trojan known as Android.Trojan.Uupay.D.

This trojan masquerades as the legitimate Google Play app, making its activities invisible to the phone's user. To make matters worse, as it is part of the firmware, the app cannot be removed from the device. Intercepted data is sent to a server located in China, while the malware also prevents the installation of security updates.

Of course, there is only one sensible piece of advice regarding this phone, which is to avoid it completely. Thankfully, most web stores appear to have stopped selling it.

Another security firm, FireEye, also reported a piece of Android malware that masquerades as the Google Play app. An analysis on the company's blog explains how this malware avoids detection by storing the payload as an encrypted attachment to a seemingly benign application.

This malware also steals data and sends it off to a Chinese server. However, it is unclear whether the two threats are related. Update: G Data's Eddy Willems says he believes they are not related.

Posted on 19 June 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

Throwback Thursday: We're all doomed

Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.

VB2019 call for papers - now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

VB2018 paper: Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors

Today, we publish the VB2018 paper by Chronicle researcher Juan Andres Guerrero-Saade, who argues we should change the way we talk about APT actors.

Book Review: Cyber Wars

VB Editor Martijn Grooten reviews Charles Arthur's Cyber Wars, which looks at seven prominent hacks and attacks, and the lessons we can learn from them.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.