Cyber security news for all


    Detected Malicious Malware On Chinese Smartphones

    The Federal Office for Information Security is currently warning of pre-installed malicious code in the firmware of Android smartphone models from China.

    According to a press release from the German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informationstechnik), officials from the agency specifically purchased the models in question at various online marketplaces in order to test them for malware that had already been detected in February of this year. The agency does not indicate on which devices this happened at the time. The malware, which the security software manufacturer Sophos lists under a generic detection name, transmits device data and also has a function to reload and run other malware such as banking Trojans.

    Malicious Code Actively Works On Some Models

    The BSI has issued warning messages for the Doogee BL7000 and the M-Horse Pure 1. It advises users to refrain from using both devices and, where available, to assert statutory warranty claims against the dealer.

    According to BSI data, connection attempts between over 20,000 different IP addresses and a malicious server are made every day. It must therefore be assumed that devices with this malware variant will become more widespread in the world. Experts have already informed network operators about infected devices in their respective networks by means of Bund reports. The providers were asked to notify their customers accordingly. The malware is “Andr/Xgen2-CY”, which sends various characteristic data about the device to the command-and-control server. The malware also has a reload function that can be used to load other malware onto the devices and activate it. Since the malware is in the firmware, it cannot be removed manually or deactivated reliably.

    What Does The Malware Do?

    The malware collects device information and sends it to a server. It also reports the installation and uninstallation of apps. In addition, the malware can use network connections without being noticed. This enables remote control and the installation of additional malware. Since there is currently no way to remove the malware, the smartphones should not be used until an update is available.
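
    Whether a suspicious package is part of the firmware image, and therefore cannot be uninstalled by the user, can be checked from the APK path reported by `adb shell pm list packages -f`. The following is an added example, not code from the BSI or the original article; the package names, watchlist and sample output are constructed placeholders, not real indicators.

```python
# Added example: classify Android packages by where their APK is stored.
# Input is the text printed by `adb shell pm list packages -f`.
from typing import NamedTuple

# Mount points that belong to the factory firmware image (read-only in normal use).
FIRMWARE_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/odm/", "/apex/")


class Package(NamedTuple):
    name: str
    apk_path: str
    in_firmware: bool


def parse_pm_list(output: str) -> list[Package]:
    """Parse `pm list packages -f` lines of the form package:<apk path>=<name>."""
    packages = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue  # skip blank lines and adb warnings
        # Newer Android versions put '=' inside /data/app/ directory names,
        # so the package name is whatever follows the LAST '='.
        apk_path, name = line[len("package:"):].rsplit("=", 1)
        packages.append(Package(name, apk_path, apk_path.startswith(FIRMWARE_PREFIXES)))
    return packages


def preinstalled_hits(output: str, watchlist: set[str]) -> list[Package]:
    """Return watchlisted packages that ship inside the firmware image."""
    return [p for p in parse_pm_list(output) if p.name in watchlist and p.in_firmware]


# Constructed sample output; package names are placeholders, not real indicators.
SAMPLE = """\
package:/system/priv-app/SysUpdater/SysUpdater.apk=com.example.sysupdater
package:/data/app/~~Qx3fA9==/com.example.game-7hT2kQ==/base.apk=com.example.game
package:/system/app/Clock/Clock.apk=com.example.clock
"""

if __name__ == "__main__":
    for hit in preinstalled_hits(SAMPLE, {"com.example.sysupdater", "com.example.game"}):
        print(f"{hit.name} is part of the firmware image: {hit.apk_path}")
```

    A hit under a firmware path survives a factory reset, because the reset only wipes the user data partition.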
