While most malware is the result of third-party attackers trying to gain access to your device or information, security research firm Palo Alto Networks has discovered that Chinese handset maker Coolpad has deliberately installed a backdoor on two dozen of its Android handset models. The so-called “CoolReaper” backdoor presents several security risks and is believed to impact over 10 million users.
The hidden backdoor allows Coolpad, the third-largest smartphone maker in China and sixth-largest worldwide, to perform tasks the user never asked for, such as downloading any Android application without user consent or notification, clearing user data, notifying users of fake over-the-air software updates that install unwanted applications, uploading device information to a Coolpad server, and more.
The backdoor has been installed on devices despite objections from customers and complaints about unwanted applications and push-notification advertisements. Palo Alto Networks claims that complaints about this malicious activity have been ignored or deleted, despite the serious privacy and security implications involved. A detailed list of what CoolReaper makes possible:
- Download, install, or activate any Android application without user consent or notification
- Clear user data, uninstall existing applications, or disable system applications
- Notify users of a fake over-the-air (OTA) update that doesn’t update the device, but installs unwanted applications
- Send or insert arbitrary SMS or MMS messages into the phone
- Dial arbitrary phone numbers
- Upload information about the device, its location, application usage, and calling and SMS history to a Coolpad server
Palo Alto Networks, which also discovered the WireLurker malware that was capable of affecting Mac and iOS users in China, conducted its investigation after reviewing complaints on message boards about suspicious activities on Coolpad devices. The security firm obtained multiple copies of the custom ROMs shipped on Coolpad devices in China and found that most included CoolReaper.
The Unit 42 division of Palo Alto Networks found that Coolpad even went as far as modifying its custom Android build to hide the backdoor and make it harder for antivirus software to detect. The security firm has put together a 32-page report, embedded below, that explains the malware in further detail and offers potential solutions for removing the associated files.
Report (Scribd embed): https://www.scribd.com/embeds/250401874/content?start_page=1&view_mode=scroll&show_recommendations=true