Once again, electronic equipment from China has been offered for sale with a pre-installed Trojan. This time, several models of Android tablets sold on Amazon and other online stores come pre-loaded with the Cloudsota malware.
Cheetah Mobile has identified more than 30 Android tablet brands pre-loaded with the Cloudsota malware; the majority of them are generic brand tablets equipped with Allwinner chips.
“Recently, researchers from the Cheetah Mobile Security Lab have found a dangerous Trojan, dubbed Cloudsota, pre-installed on certain Android tablets. Tablets infected with this Trojan are still on the shelves of Amazon, ready to be shipped to customers around the world.” states the post published by Cheetah Mobile.
The list of infected devices includes JYJ 7, JEJA 7 Zoll, FUSION5, Alldaymall Tablet, Yuntab SZ Wave, and Tagital. All the infected Android tablets are manufactured by Chinese companies.
The experts at Cheetah Mobile noticed several online reviews from customers who have purchased Android tablets infected with the malware.
It seems that the Cloudsota Trojan has been deployed on several Android tablets for many months; hackers used it to conduct several illegal activities, including installing adware and hijacking search results.
The researchers highlighted that the malware is able to restore itself after a reboot if the user attempts to remove it; this is possible because it runs with root permissions.
According to data collected by Cheetah Mobile security products, more than 17,000 infected tablets have been purchased in more than 150 countries.
The highest number of infections was observed in Mexico, the United States and Turkey. Unfortunately, it is impossible to have a reliable estimate of the number of infected devices because there are many Android tablets that come without Cheetah Mobile security products.
Tablets infected with Cloudsota have been traced to over 150 countries, with the highest number of infections in Mexico, the United States and Turkey.
The worst aspect of the story is that although Cheetah Mobile has reported the issue to the affected manufacturers, none of them responded.
The experts at Cheetah Mobile who analyzed the malware code and the C&C servers suspect that the threat actors behind the Cloudsota Trojan are from China.
Mobile devices shipped with pre-loaded malware are not a novelty: in September, experts from G Data revealed that malware had been found on over two dozen smartphone models from China.
(Security Affairs – Android Tablet, Cloudsota Trojan)