You Think Your Brand-New Phone Is Safe? Check Twice
We as consumers have a conception that if our device is new it is safe to use, but not anymore.
According to security company G Data there are more than 20 smartphones serving a pre installed malware. Most of those malware are disguised as Google Play Store as a part of pre-installed Android applications.
One of the phones is Chinese Star N9500 which looks very similar to Samsung’s Galaxy. In this case spyware runs covertly in the background and sends personal data to a server in China. Additionally this type of malware is capable of installing applications without knowledge of an end-user.
Start N9500 does not allow users to remove malicious applications and spyware since the are hard coded in an Android based firmware. These devices are sold by leaders of online retailers at a price range of 130-165 Euros across Europe. According to Christian Geschkat, Product Manager Mobile Solutions at G Data:
“The options with this spy program are nearly unlimited. Online criminals have full access to the smartphone. G DATA customers reported a detection by our security solution and thus alerted us to this criminal tactic. The intercepted data is sent to an anonymous server in China. It is not possible to find out who ends up receiving and using the data.”
Users of cheap smartphones are at risk and the amount of victims will surely rise since the price is affordable. By serving a pre-installed spyware cyber criminals are gaining an ability to abuse privacy of users in anyway they desire: localisation, interception & recording, purchases, banking fraud such as theft of mobile TANs, and sending of premium SMSs.
Similar malware was discovered by Marble Security in 2014, embedded in Netflix app in a number of Samsung’s devices. Malware allowed hackers to steal credit card ID and passwords and send them to anonymous Russian servers.
Another spyware was discovered in Russian Yota Phone, which we reported in June. Spyware allowed FSB (former KGB) to steal any user information.