Malware ships pre-installed on ‘Star’ Android phone

By Ryan Whitwam, Jun. 18, 2014
http://www.geek.com/android/malware-ships-pre-installed-on-star-android-phone-1597098/

Security researchers will sound the alarm every now and then when a new piece of Android malware is discovered. It’s usually nothing regular users need to worry about, but this time it’s a bit more troubling. The newly discovered Android trojan isn’t lurking around shady Chinese app stores, it’s pre-installed on a low-cost phone for sale on sites like Amazon. You don’t even have to go to the hassle of installing the malware yourself — now that’s convenience.

The device is a generic piece of hardware manufactured by a Chinese ODM calling itself Star. The branding on the 3G dual-SIM device says “Skaynet,” which is just a little too close to Skynet for my liking. The N9500 looks like a fairly good deal, at least on the surface. It has a quad-core MediaTek processor, 1GB of RAM, and a 5-inch 720p screen. It bears a vague resemblance to any number of Samsung devices thanks to the oblong home button.

This device runs Android 4.2, and the product image clearly shows the Play Store icon on the home screen, but it’s not actually Google-certified. In fact, there are no Google apps on the device at all. The “Play Store” client is actually the malware in disguise. Dubbed Android.Trojan.Uupay.D, the spyware runs in the background and pipes user data back to a server in China.

The trojan has access to almost all aspects of the device including email, text input, the camera, and browser data. It also has the ability to install new apps remotely, making it infinitely dangerous. So can you just buy the phone and uninstall the malware? Probably not — it’s built into the ROM, making it a permanent fixture of the device unless you gain root access.

Despite the nasty nature of this malware-infested device, it’s still for sale on Amazon in the US and Europe for around $160 (seriously, don’t buy this). Presumably it will be pulled soon.
