The Federal Office for Information Security is currently warning of pre-installed malicious code in the firmware of Android smartphone models from China.
According to a press release from the German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informationstechnik), officials from the agency specifically purchased the models in question at various online marketplaces in order to test them for malware that had already been detected in February of this year. The release does not indicate on which devices it was detected at the time. The malware, which the security software manufacturer Sophos lists under a generic detection name, transmits device data and also has a function to download and run other malware such as banking Trojans.
Malicious Code Actively Works On Some Models
The BSI has issued warnings for the Doogee BL7000 and the M-Horse Pure 1. It advises users to refrain from using both devices and, where applicable, to assert statutory warranty claims against the dealer.
According to BSI data, connection attempts to a malicious server involving over 20,000 different IP addresses are made every day. It must therefore be assumed that devices with this malware variant will become more widespread in the world. Experts have already informed network operators about infected devices in their respective networks by means of Bund reports. The providers were asked to notify their customers accordingly. The malware is “Andr/Xgen2-CY”, which sends various characteristic data of the device used to the command and control server. The malware also has a download function that can be used to load other malware onto the devices and activate it. Since the malware is in the firmware, it cannot be manually removed or reliably deactivated.
What Does The Malware Do?
The malware collects device information and sends it to a server. It also reports the installation and uninstallation of apps. In addition, the malware can use network connections without being noticed. This enables remote control and the installation of additional malware. Since there is currently no way to remove the malware, the smartphones should not be used until an update is available.