
Researchers from a German security provider say they have detected the first known case of an Android smartphone being shipped from the manufacturer with pre-installed malware disguised as a Google Play Store application.

“The spyware runs in the background and cannot be detected by users. Unbeknownst to the user, the smartphone sends personal data to a server located in China and is able to covertly install additional applications,” the team said.

“This makes it possible to retrieve personal data, intercept calls and online banking data, read emails and text messages or control the camera and microphone remotely.”

The model in question is the Star N9500, which is manufactured in China and distributed across Europe. The researchers say there is no way for a user to remove or disable the malicious application or the Android.Trojan.Uupay.D spyware because they are integrated with the smartphone's own firmware.

“The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data,” the team reported. “Logs that could make an access visible to the users are deleted directly. The program also blocks the installation of security updates.”

The team began investigating the smartphone model after receiving inquiries from some of their customers. They say the malware can allow attackers to secretly install other malicious apps, putting users at risk of having their sensitive data intercepted, falling victim to banking fraud, and being charged high rates in premium SMS scams.

“The intercepted data is sent to an anonymous server in China,” said Christian Geschkat. “It is not possible to find out who ends up receiving and using the data.”
