Chinese Smartphone Leaves Factory With Malware On Board

Android-based Star N9500 ships with a Trojan hidden in its firmware, says G Data

German security company G Data has discovered a brand of Chinese-made Android smartphones that apparently ship with malware pre-installed on the system.

The Star N9500 is a five-inch quad-core handset with an HD screen that looks suspiciously similar to the Samsung Galaxy S4. It is available in Europe through popular online retailers, priced around £90.

It turns out the surprisingly affordable device contains Android.Trojan.Uupay.D, which is impossible to remove, since it has been integrated into the firmware. G Data suggests that the Star N9500 is so cheap because the manufacturing costs are offset by the value of stolen data.

The company calls this the first incident of its kind.

Brand new

According to G Data, the Trojan is disguised as the Google Play Store process. It runs in the background and receives instructions from an anonymous server located in China. The malware gives the attacker complete control over the handset and enables them to copy data, intercept calls, read emails and text messages and control the microphone and camera.

Android.Trojan.Uupay.D can also install additional applications without the knowledge of the user, and block the installation of security updates.

“The options with this spy program are nearly unlimited. Online criminals have full access to the smartphone,” noted Christian Geschkat, product manager for Mobile Solutions. “G DATA customers reported a detection by our security solution and thus alerted us to this criminal tactic.”

Geschkat notes that the smartphone offers a fairly high-end specification and ships with a large number of accessories including a second battery, car charging adapter and second cover.

He thinks that the low price of the mobile device is made possible by the subsequent selling of data records stolen from its future owner.

G Data advises that, since the malware cannot be easily removed, anyone unlucky enough to purchase the N9500 should return it for a refund. Since the news first surfaced online, Amazon and some of the other online retailers have already removed the pages selling the device.

This is not the first strain of mobile malware to disguise itself as the Google Play Store process. Security vendor FireEye has just discovered a different malicious app that hides its activities and uses the same icon.
