“More Malicious Firmware Through the Back Door” By Randall Sylvertooth, MSc

Redport Information Assurance
Open-source media have reported that malicious firmware has been detected on cheap Google Android mobile devices. The firmware has been loaded with malware that is capable of covertly stealing a victim’s data, displaying unwanted advertisements on top of running applications, and downloading unwanted Android programming kit, or APK, files. The malware consists of malware downloaders, which allow malicious software to be downloaded onto the victim’s Android mobile device. The Google Android mobile devices that are mostly affected, such as phones and tablets, are all located on the MediaTek operating system platform. The platform has been marketed and operating in Russia. The names of the malware downloaders are as follows: Android[.]Downloader[.]473 and Android[.]Sprovider[.]7.

In addition to the above-mentioned capabilities, the malware is also able to contact other infected users’ devices, to connect, broadcast and transfer data back to the maliciously configured command and control servers, and to upgrade its malicious code as the victims’ mobile devices are running, restarted and switched on. Mobile devices from several manufacturers are currently known to be infected by these two malware downloaders. It is also now known where the software that is considered malicious code was developed. It was developed by a China-based company that is backing up its claims that the software is not malicious and that its software runs updates for more than 700 million Google Android mobile devices worldwide, which is awfully concerning to all Android mobile device users. It is important for Android users to be vigilant and to load well-known mobile device anti-virus and mobile security applications to increase the likelihood of detection, as well as the capability to mitigate the cyber threat. Google is aware of the potential backdoor in the firmware of the issued mobile devices and is currently working on a patch that can be distributed for further mitigation.

Source: Hacker News

