Chinese Android smartphone comes with malware pre-installed

Star N9500A German security firm is reporting that an Android smartphone manufactured in China is shipping with malware pre-installed on it.

The Star N9500 smartphone, which can be easily found available for sale via outlets like Amazon and eBay for relatively cheap prices, is said by researchers at G Data to be infected with the Uupay.D Trojan horse, posing as a version of the Google Play Store app.

According to the security firm, the spyware trojan runs in the background stealing information, and sending it to a server based in China:

The spy function is invisible to the user and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.

Sign up to our free newsletter.
Security news, advice, and tips.

Well, there is one way to detect the malware of course. You can run up-to-date anti-virus software on your phone.

G Data screenshot of Android malware detection

The only problem is – your Android smartphone may not be receiving security updates because the malware is preventing them from being downloaded:

The program also blocks the installation of security updates.

And the problem gets worse. According to G Data’s Christian Geschkat, it’s no easy feat to remove Trojan horse from infected devices:

Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted. This includes the fake Google Play Store app of the N9500.

So, the question is this. Did the manufacturers of this Android smartphone deliberately plant malware on its devices, or did something go badly wrong on their production line which allowed the malware to sneak its way onboard?

Either way – there seems good reason to stay well clear if you value your privacy and want to keep your personal information out of the hands of others.

More information about the discovery of the malware can be found on G Data’s blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

6 comments on “Chinese Android smartphone comes with malware pre-installed”

  1. Would you know if this can be mitigated by formatting and installing a ROM, Graham?

    Another example of going cheap not paying off!

  2. Narg

    I'd say that all Android phones have malware installed from the get go. It's called Google….

  3. Leopold

    Well, phones from the USA usually comes with spy software, too.
    Made by the NSA. So whatever…

  4. Mark

    Hardly surprising. No different from what google is doing anyway. Why shouldn't the Chinese have a knock-off version.

  5. Someone

    Stop saying that Android already comes with malware, you are lying, android is an Open-Sorce project.

    1. Securiconvex · in reply to Someone

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.