Low-priced Android smartphone: bundled with spyware
Beware this low-priced smartphone from China – it may come bundled with spyware, a German security firm claimed this week.
Germany-based G Data said the "N9500" made by Chinese maker Star is the first phone to have the spyware installed as part of the firmware.
"The options with this spy program are nearly unlimited. Online criminals have full access to the smartphone," notes Christian Geschkat, Product Manager Mobile Solutions. "G DATA customers reported a detection by our security solution and thus alerted us to this criminal tactic."
"The only thing users see is an app with the Google Play Store icon in the running processes; other than that, the application is completely disguised," reports Christian Geschkat. "Unfortunately, removing the Trojan is not possible as it is part of the device's firmware and apps that fall into this category cannot be deleted. This includes the fake Google Play Store app of the N9500." Users can use G DATA Internet Security for Android, which detects the malware as Android.Trojan.Uupay.D, to find out whether their own device is affected. The expert advises affected customers to contact the respective online shop to return the device.
For the first time ever, the experts at
the German security vendor have discovered a smartphone that comes with
extensive spyware straight from the factory. The malware is disguised as
the Google Play Store and is part of the pre-installed Android apps.
The spyware runs in the background and cannot be detected by users.
Unbeknownst to the user, the smartphone sends personal data to a server
located in China and is able to covertly install additional
applications.
This makes it possible to retrieve personal
data, intercept calls and online banking data, read emails and text
messages or control the camera and microphone remotely. The affected
model "N9500" is produced by the Chinese manufacturer Star and looks
very similar to a smartphone from a well-known manufacturer. It is not
possible to remove the manipulated app and the spyware since they are
integrated into the firmware. Large online retailers are still selling
the Android device at prices ranging from 130 to 165 euros and
distributing it across Europe.
Test purchase led to alarming results
After receiving tip-offs from customers, the G DATA security experts purchased and analysed the device. This is how they found out that the firmware contained the Trojan Android.Trojan.Uupay.D, disguised as the Google Play Store. The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make access visible to the user are deleted directly. The program also blocks the installation of security updates.
Risk for users
The smartphone represents a serious risk to
users. The spy program enables criminals to secretly install apps, which
enables the whole spectrum of abuse: localisation, interception &
recording, purchases, banking fraud such as theft of mobile TANs, and
sending of premium SMSs.
It is impossible to find out where the data is sent. "The intercepted data is sent to an anonymous server in China," says Christian Geschkat. "It is not possible to find out who ends up receiving and using the data."
The price of the mobile device is supposed to attract users
The cheap price ranging from 130 to 165
euros comes as a surprise, considering the high technological standard
of the device. The quad-core smartphone is supplied with extensive
accessories, such as a second battery, car charging adapter and second
cover. Comparable devices from well-known brands cost almost three times
that much.
The security experts at G DATA think that the low price of the mobile device is made possible by the subsequent selling of data records stolen from the smartphone owner. "In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch," advises Christian Geschkat.
Smartphones and tablets targeted by criminals
The increasing popularity of smartphones and
tablets has not gone unnoticed by online criminals. There are about 40
million smartphone users in Germany alone. More than 1.2 million new
malware programs for Android appeared last year and this number is
expected to rise sharply. All the more reason for users to use a
comprehensive security solution for their mobile devices.