Google admits advanced backdoors installed on Android devices


Google has declared on an official note that some of the low-end smartphones operating on Android OS might have advanced backdoors preinstalled in them from manufacturing factories.
The internet juggernaut failed to address the names of the manufactures but said that it will take action against those which release mobiles into the market with Trojans such as Triada.

Founded in 2016 by a research carried out by Kaspersky, Triada is actually a banking Trojan which then installs apps which send spam and display ads on the fraudulent note. This is done by deploying tool kits that exploit and bypass the security protections on the Android OS platform- including the Zygote process.

Meanwhile, the German Federal Office for Information Security aka BSI has issued a security alert that at least four of the mobile models prevailing in the region are loaded with dangerous backdoor malware. The impacted models are Doogee BL7000, M-Horse Pure 1, Keecoo P11 and the VKworld Mix Plus.

Germany’s BSI says that all the 4 models discovered in its research came with a backdoor Trojan named Andr/Xgen2-CY.

UK Cybersecurity Firm Sophos Labs is said to have 1st spotted this malware in Oct’18 and has agreed with what Germany’s Information Security Watchdog has stated yesterday. Sophos added that the malware is sophisticated in such a way that it can collect sensitive details such as device phone number, location including street address and longitude and latitude, and IMEI and Android ID along with CPU info, RAM info, screen resolution, network type, Mac Address, and SD card size.

Trojan Andr/Xgen2-CY has the capabilities such as downloading and installing apps, uninstalling them without the knowledge of users, executing shell commands and opening URLs in the browser.

Technically speaking, the said malware is almost impossible to remove on a manual note as it comes preinstalled with the mobile firmware with malicious codes inserted in disguise as an Android support library. But manufacturers can do it by releasing a firmware update that can help remove the malicious backdoor.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display