Chinese Backdoor on Android

Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes’ mobile security research team.

Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed that it had discovered firmware code, created by a Chinese company called Adups, that was collecting vast amounts of user information and sending it to servers located in China.

According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, and phone hardware identifiers, and it was also capable of installing new apps or updating existing ones.

The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone’s firmware-over-the-air update (FOTA) system.

At the time, experts believed Adups shipped the backdoored component to other phone vendors and that the component eventually made its way into over 700 million devices, most of which were low-budget Android phones and, in some cases, Android-based Barnes & Noble NOOK tablets.

New backdoor code found in another Adups component

But Malwarebytes says it found another Adups component doing bad things. Just like the previous Adups backdoor, this app is also unremovable, and users can’t disable it either.

This second component is found on phones under one of two names, com.adups.fota.sysoper or com.fw.upgrade.sysoper, and appears in the phone’s app list with the name UpgradeSys (FWUpgradeProvider.apk).

The new backdoor has the ability to install and/or update apps without a user’s knowledge or consent.

Always pay close attention to what apps you’re installing.
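
To check a device for the package names mentioned above, the listing from Android's package manager can be filtered for them. This is an added example, not code from Malwarebytes or Kryptowire; the sample listing and its file paths are constructed for illustration.

```shell
#!/bin/sh
# Package names taken from the article above.
ADUPS_PACKAGES="com.adups.fota com.adups.fota.sysoper com.fw.upgrade.sysoper"
CR=$(printf '\r')

# Constructed sample of `pm list packages -f` output (paths are made up).
sample_pm_output() {
    cat <<'EOF'
package:/system/app/FWUpgradeProvider/FWUpgradeProvider.apk=com.fw.upgrade.sysoper
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Qx1==/com.example.fota-9z==/base.apk=com.example.fota
package:com.adups.fota
package:/system/app/Notes/Notes.apk=com.adups.fota.sysoper.notes
EOF
}

# Reads package-manager listing lines on stdin and prints "name<TAB>apk-path"
# for each exact match ("-" when the line carries no path).
find_adups_packages() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}                 # adb output may end lines with CRLF
        entry=${line#package:}
        [ "$entry" = "$line" ] && continue # skip anything that is not a package line
        case $entry in
            # APK paths can contain '=', so split on the last one.
            *=*) path=${entry%=*}; name=${entry##*=} ;;
            *)   path="-";         name=$entry ;;
        esac
        for known in $ADUPS_PACKAGES; do
            # Exact comparison, so lookalike or unrelated names are not flagged.
            if [ "$name" = "$known" ]; then
                printf '%s\t%s\n' "$name" "$path"
            fi
        done
    done
    return 0
}

# On a connected device: adb shell pm list packages -f | find_adups_packages
sample_pm_output | find_adups_packages
```

An empty result only means none of these three package names is installed; it says nothing about other firmware components.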
