Backdoor Sends Call Logs and Details of 700 Million Android Phones to China

Back in November, it was discovered that a backdoor injected in a custom firmware powering nearly 700 million phones was being used to collect user information, and now a security firm that inspected the infection discovered that data such as IMEI, IMSI, MAC address, version number, and the operator is collected.
Specifically, a report that came out last month revealed that a huge number of Android phones running custom firmware developed by Chinese firm ADUPS Technology was infected with a backdoor that collected user information and submitted it to a server based in China.

The list of phone manufacturers includes 43 names, according to Trustlook, and you can check it out in the box after the jump, with famous names such as Mediatek, BLU, ZTE, and Lenovo also there.

Furthermore, Trustlook says that it discovered that SMS messages and call logs were also collected from the infected systems and transmitted to China, all without user’s consent and running in the background.

The company analyzed just a simple package called “com.adups.fota” and found that the information is uploaded to a domain called bigdata.adups.com every 72 hours. This app is pre-installed on all devices that come with the custom firmware and its role is specifically to collect device and user activity information and upload it to the said domain at regular intervals.

Data collection from infected devices started in July 2016, the firm found, and continued for more than six months until it was discovered.

“People like to think their brand new phone is clean and free of malware, but that is not always the case. Some smartphone manufacturers choose to use a third party FOTA (Firmware Over-The-Air) service instead of Google’s, which can pose serious security risks. This is what happened in the case of Shanghai based ADUPS Technology Co,” the security firm explains.

Some companies that were running the ADUPS firmware have already given up on it, including BLU, who decided to go for Google’s solution in search for better security.

Although they are mostly Chinese manufacturers, some of these companies were also selling Android-powered devices infected with the backdoor in other big markets, including the United States. BLU alone was sold some 120,000 phones in the United States.

source: softpedia

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA