Also in this case the malware is used to provide the attackers a complete control of the device, allowing the remote installation of further malicious apps and the data stealing. The spyware implements features to copy users’ data, record calls automatically, act as an environment bug activating the microphone and send SMS to premium services.
“The spy function is invisible to the user and cannot be deactivated,” reads the blog post published yesterday. “This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.”
The bad news is that it is not possible to remove the manipulated app and the spyware since they are integrated into the firmware, the malware also blocks any security updates as afurther protection mechanism.
“Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted,” said Christian Geschkat, Product Manager at G Data. “This includes the fake Google Play Store app of the N9500.“
According the experts the cheap price of the mobile and the extensive accessories offered, are the element of attractive for users.
“The security experts at G DATA think that the low price of the mobile device is made possible by the subsequent selling of data records stolen from the smartphone owner. “In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch,” advises Christian Geschkat.” states the post.
Users have Install Mobile Antivirus on their device to detect this and other malware, be wary of Chinese products for which there is no guarantee of the security of the supply chain.
Mobile users affected by the pre-installed malware have to return the device back to the seller.
(Security Affairs – pre-installed malware, spyware)