Android has a well-earned reputation for malware issues, despite Google’s efforts to keep its Play Store free of rogue apps. But there are many dark corners of Android where malware continues to thrive, particularly on independent app stores that do little or nothing to keep such apps at bay.
Security advisors are constantly reminding users to be cautious of what they install on their devices, but it seems that even that advice is no longer sufficient. German security firm G DATA issued a release this week warning that Android handsets were being sold via numerous outlets, including major online stores such as eBay and Amazon, “with extensive spyware straight from the factory.”
It may look like a Galaxy S4, but this cheap Chinese knock-off is loaded with malware
The Star 9500 - available under several variations of that name - bears a striking a similarity to the Galaxy S4, which is known also by its Samsung model number, i9500. G DATA reported that the Star 9500 is being sold preloaded with a Trojan, known as Uupay.D. Unlike most malware, it is not simply an app that can be uninstalled from the device; rather, the Trojan is baked into the firmware, disguised as the legitimate Google Play Store, and cannot be be simply extricated from the device's OS.
According to G DATA’s Christian Geschkat, “the options with this spy program are nearly unlimited. Online criminals have full access to the smartphone.” The firm’s security specialists have determined that spyware running in the background on each device has been sending personal data to a Chinese server.
The problem of malware on Android is something of a running joke for some - but it's no laughing matter
Personal data – including passwords, banking details, and contacts – along with the content of emails and text messages are all remotely accessible by the server, and even a user’s calls can be intercepted. The camera and microphone can be activated without the user’s knowledge too, while the software also blocks installation of security updates.
Researchers at the firm have so far been unable to determine who is harvesting the data. “The intercepted data is sent to an anonymous server in China,” Geschkat said. “It is not possible to find out who ends up receiving and using the data.”
Numerous retailers and online marketplaces have been selling the device, with an unknown number having been purchased already across Europe for around €150 EUR (around $204 USD / £120 GBP). That’s not a bad price for the uneducated buyer, given the handset’s specs, which includes a quad-core processor, 5-inch HD display, 8GB of storage and a 12MP camera, along with a range of free accessories, such as an additional battery, car charger and a cover.
BBC News reports that eBay has now removed the device from its listings worldwide. A spokesperson said: “Due to reports that some Star 9500 smartphones are loaded with spyware, eBay is not allowing the sale of these devices as a precautionary measure.”
The device is still available to purchase from sites such as Amazon
Other retailers are still catching up, however. At time of publication, the device remains available from multiple third-party sellers on Amazon Marketplace, with some even being shipped by Amazon itself from its warehouses. In the UK, the device is available on Amazon for as little as £85 ($145 / €106), where it is being sold as the 'BW Star S9500'.
Geschkat said that many buyers will have been seduced by the low price of the device, but believes that those behind the malware have been profiting considerably from the sale of the stolen data and user information. His final words on the matter remind us all that when something seems too good to be true, it often is: “In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch.”