Security Researcher Finds Backdoor on Cheap Android Smartphones

Certain low-cost Android smartphones and tablet computers are shipped with malicious firmware that gathers information about the infected devices, displays ads on top of running programs and downloads unwanted APK files onto the victim's device.

Security researchers from Russian antivirus vendor Dr.Web have found two kinds of downloader Trojans integrated into the firmware of a large number of popular Android devices running on the MediaTek platform, which are mainly marketed in Russia.

The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7, are capable of gathering information about the infected devices, contacting their command-and-control servers, automatically updating themselves, covertly downloading and installing other programs based on the instructions they receive from their server, and running each time the device is restarted or turned on.

The list of Android devices affected by the malicious firmware includes:

  • Lenovo A319
  • Lenovo A6000
  • MegaFon Login 4 LTE
  • Bravis NB85
  • Bravis NB105
  • Irbis TZ85
  • Irbis TX97
  • Irbis TZ43
  • Irbis tz56
  • Pixus Touch 7.85 3G
  • SUPRA M729G
  • SUPRA V2N10
  • Itell K3300
  • Digma Plane 9.7 3G
  • General Satellite GS700
  • Nomi C07000
  • Optima 10.1 3G TT1040MG
  • Marshal ME-711
  • 7 MID
  • Explay Imperium 8
  • Perfeo 9032_3G
  • Prestigio MultiPad Wize 3021 3G
  • Prestigio MultiPad PMT5001 3G
  • Ritmix RMD-1121
  • Oysters T72HM 3G
  • Irbis tz70
  • Jeka JK103

The Android.Sprovider.7 Trojan was found in the firmware of Lenovo A319 and Lenovo A6000 smartphones. The Trojan is capable of a number of actions, including:

  • Download, run and install APK files.
  • Make phone calls to particular numbers by using a standard system application.
  • Run a standard system phone application in which a specified number is dialed.
  • Show advertisements on top of all apps.
  • Also, display ads in the status bar.
  • Create a shortcut on the home screen.
  • Update the main malicious module.

The H5GameCenter program shows a small box image over all running programs, and there is no option to disable it. Even if infected users remove this program, the firmware Trojan reinstalls it.

Last month, security researchers from Kryptowire found a hidden backdoor in the firmware of numerous budget Android smartphones sold in America, which covertly gathers data on phone owners and sends it to a Chinese server without users' knowledge.

The backdoored firmware software was developed by China-based firm Shanghai AdUps Technology, which claims that its software runs updates for more than 700 million devices worldwide.

