The Star N9500 smartphone, which can be easily found available for sale via outlets like Amazon and eBay for relatively cheap prices, is said by researchers at G Data to be infected with the Uupay.D Trojan horse, posing as a version of the Google Play Store app.
According to the security firm, the spyware trojan runs in the background stealing information, and sending it to a server based in China:
The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.
Well, there is one way to detect the malware of course. You can run up-to-date anti-virus software on your phone.
The only problem is – your Android smartphone may not be receiving security updates because the malware is preventing them from being downloaded:
The program also blocks the installation of security updates.
And the problem gets worse. According to G Data’s Christian Geschkat, it’s no easy feat to remove Trojan horse from infected devices:
Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted. This includes the fake Google Play Store app of the N9500.
So, the question is this. Did the manufacturers of this Android smartphone deliberately plant malware on its devices, or did something go badly wrong on their production line which allowed the malware to sneak its way onboard?
Either way – there seems good reason to stay well clear if you value your privacy and want to keep your personal information out of the hands of others.
More information about the discovery of the malware can be found on G Data’s blog.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.