News

German security experts discovered backdoors in four models of smartphones

Photo of Daniel Zimmermann Daniel ZimmermannJune 7, 2019
0 133 1 minute read

Specialists of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) warned about dangerous backdoor embedded in the firmware of some Android devices sold in Germany.

Malware has been detected in the Doogee BL7000, M-Horse Pure 1, Keecoo P11, and VKworld Mix Plus firmwares (malware detected but inactive). All four devices are budget smartphones running Android.

Found by malware experts, this is an Andr/Xgen2-CY Trojan. Sophos Labs first noticed it in October 2018, when researchers discovered that malware was hidden in the SoundRecorder application, which was preinstalled on uleFone S8 Pro smartphones.

Sophos Labs analysts wrote that Andr/Xgen2-CY was created specifically as a non-removable backdoor. The initial task of the malware was to spy on the user: after turning on the device, Andr/Xgen2-CY is activated, collects details about the device and sends them to a remote server, waiting for further instructions.

Malware collected the following data:

  • phone number;
  • location information, including longitude, latitude and address;
  • IMEI and Android ID;
  • screen resolution;
  • manufacturer, model, brand, OS version;
  • processor information;
  • network type;
  • MAC address;
  • ROM and RAM size;
  • SD card size;
  • language and country;
  • mobile operator.

After information was transmitted from the device to malware operators, they could order the following to their malware:

  • download and install the application;
  • delete the application;
  • execute a shell command;
  • open the URL in the browser.

In addition, the Andr/Xgen2-CY developers took care of stealth: the malware was masked as an Android library. Now experts from the Federal Information Security Administration write that the malware is securely fixed in the firmware of the devices, so that removing backdoor is almost impossible.

Fixes for their gadgets so far released only one manufacturer: the patch is available only for smartphones Keecoo P11.

Experts have determined that at least 20,000 German IP addresses address the Andr/Xgen2-CY control servers every day, which gives an idea of the number of infected devices and people who regularly use dangerous gadgets. It is emphasized that the problem may affect users from other countries of the world.

Users were warned that their devices were endangered, and malware operators could use malware at any time to spread banking Trojans, extortionate or adware, as well as other threats.

Source: https://scribd.com

Related Posts

Tags
Photo of Daniel Zimmermann Daniel ZimmermannJune 7, 2019
0 133 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Twitter user data

Attacker Put Up for Sale the Data of 5.4 million Twitter Users

July 26, 2022
The FBI charged the Russian

The FBI charged a Russian who ran a criminal marketplace

March 24, 2022
hack moonlighter satellite

SpaceX Delivered the Moonlighter Satellite into Orbit, Which Will Need to Be Hacked at DEF CON

June 8, 2023
Bitzlato cryptocurrency exchange

American Authorities Closed the Bitzlato Cryptocurrency Exchange, Linking It with Conti and Hydra

January 20, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button