Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users.
According to a report, the following 26 Android device models are affected:
Irbis TZ85
Irbis TX97
Irbis TZ43
Bravis NB85
Bravis NB105
SUPRA M72KG
SUPRA M729G
SUPRA V2N10
Pixus Touch 7.85 3G
Itell K3300
General Satellite GS700
Digma Plane 9.7 3G
Nomi C07000
Prestigio MultiPad Wize 3021 3G
Prestigio MultiPad PMT5001 3G
Optima 10.1 3G TT1040MG
Marshal ME-711
7 MID
Explay Imperium 8
Perfeo 9032_3G
Ritmix RMD-1121
Oysters T72HM 3G
Irbis tz70
Irbis tz56
Jeka JK103
The common link between all these devices is that all are low-cost devices, mostly marketed in Russia, and which run on MediaTek chipsets.
Device resellers suspected of adding the malware
According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware of these devices by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users."
The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.
Malware used to push aggressive and unwanted apps
The malware found on these devices is codenamed Android.DownLoader.473.origin. According to Dr.Web, this malware will collect data about the infected devices, contact a C&C server, and download and install other apps based on the instructions it receives from this server.
Currently, this malware is forcibly downloading and installing the H5GameCenter app. This application is a Play Store-like app catalog that allows users to install other apps. The app is considered extremely intrusive because it shows its icon (an open blue box) floating above other apps non-stop, such as in the image below, and without an option to disable this behavior.
If users remove the H5GameCenter app, the firmware malware will reinstall it at a later point.
Last month, in the period of one week, security researchers from Kryptowire and Anubis Networks found backdoors in the firmware provided by two Chinese software vendors, Shanghai Adups Technology Co. Ltd. and Ragentek Group.
The firmware provided by these two companies had been embedded in a large number of low-end Android smartphones and granted attackers complete control over the affected phones.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now