Windows 10 News and info | Forum
June 18, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Cheap Android Phones and Poor Quality Control Leads to Malware Surprise  (Read 63 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 30134

I Do Windows

WWW Email
« on: October 03, 2018, 02:18:25 PM »

The abundance and variety of low-cost Android phones is one of the reasons that Android has become so popular around the world. Unfortunately, low priced phones could also mean less operating revenue and thus possibly a lower quality control. Such is the case with a cheap Android phone that costs $110 USD and has a remote access trojan (RAT) preinstalled.

In 2017, researchers at Sophos saw a post on where a user stated that their security software was constantly complaining about an app called Sound Recorder that was preinstalled on the phone.

To investigate further, Sophos purchased the reported uleFone S8 Pro. When they analyzed the phone it was discovered that the preinstalled Sound Recorder app was actually a malicious variant that had capabilities similar to a remote access trojan (RAT) and a backdoor.

While it is not uncommon for phone manufacturers to include and generate revenue from preinstalling software, in this case, the quality control was not adequate enough to spot that the Sound Recoder app that was installed was not the legitimate version.

As can be shown from the image above, the malicious version had extra code added to it compared to the legitimate version.

While the RAT was running, Sophos stated that it would transmit information to a remote server that includes:

◘ The device’s phone number

◘ Location information, including longitude, latitude, and a street address

◘ IMEI identifier and Android ID

◘ Screen resolution

◘ Manufacturer, model, brand, OS version

◘ CPU information

◘ Network type

◘ MAC address

◘ RAM and ROM size

◘ SD Card size

◘ Language and country

◘ Mobile phone service provider

The app also had the ability to perform backdoor functions such as

◘ Download and install apps

◘ Uninstall apps

◘ Execute shell commands

◘ Open URL in a browser (though this function appeared to be a work in progress in the sample we analyzed)

According to a report by Avast, this is not the first time low-cost Android phones had malware preinstalled on them. In 2016, it was reported that numerous Android phones were shipped with malware, but even after this was reported to the manufacturers, nothing was done.

Similarly, Sophos has tried to contact MediaTek, the CPU and firmware manufacturer for the phone, but never heard back.

"We’ve spent the past several weeks trying to reach the company to alert them to these issues, but haven’t received a response despite using multiple methods, repeatedly, to try to contact them."

While this does not mean that people shouldn't buy inexpensive phones, it does mean that buyers need to do more research and know what you are getting into.


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 10, 2019, 01:36:59 PM