SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
21 Jan 2016

Experts found Trojan pre-installed on Philips smartphones

Some Philips s307 Android smartphones come with a pre-installed trojan (Android.Cooee.1) that shows ads and animations on the user's main screen, and cannot be removed without a firmware update or after going through a complicated series of steps, as Dr.Web, a Russian antivirus maker, is reporting.

The adware was initially spotted in October but was only found on low-end Android smartphones from a series of unknown manufacturers.

A recent incident has brought the trojan back into Dr.Web's attention when Android.Cooee was found in high-end smartphones manufactured by Philips (the s307 series). The trojan is pre-installed on the device, right into the firmware, as the Android system loader. Removing it will render the device dead, not being able to start. Most of the time, Android.Cooee.1 remains dormant on the device, without showing any activity. When it receives instructions from a C&C server, the trojan will display ads on the home screen, or download and silently install other applications. Since the trojan is part of the Android system, it already has root privileges, and all these malicious applications are installed without ever needing any user interaction.

The trojan could be used to deploy more dangerous threats

"The range of the downloaded applications is extremely wide: from benign games and web browsers to various malicious programs, such as SMS and downloader Trojans, and even banking Trojans that are able to covertly steal money from users’ bank accounts," Dr.Web's security team explains. Right now, Dr.Web has seen the trojan only show ads and install applications as part of a pay-per-install affiliate program that pockets the Android.Cooee author some pretty nice fees.

Users who want to remove the trojan can do it by loading and setting an alternative launcher for the Android OS. This is a complex operation that also requires root privileges. For some mobile operators, getting root privileges voids the device's warranty, so users should avoid going through this operation if possible. For most cases, it is recommended that users contact the phone's manufacturer and ask for a firmware update.

Dr.Web says it contacted Philips, who said it "is considering possible solutions to the problem." Pre-installed malware on Android smartphones is nothing new. Dr.Web previously discovered the Android.Backdoor.114.origin trojan on the Oysters T104 HVi 3G tablet, and G DATA found malware pre-installed on the firmware of 23 Android smartphone models.

Tags:
Philips Android trojan information leaks
Source:
Softpedia
2215
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015