Tuesday 13 December 2016

More Firmware Backdoors Found in 26 Low-Cost Android Devices (Android Is No Longer Safe)

Android is no longer safe.

Here is some bad news for Android users.

Security researchers have found new malware (a backdoor) hidden in the firmware of several low-end Android smartphones and tablets. It displays advertisements on top of running applications and installs unwanted applications on the devices of unsuspecting users.

Security researchers from the Russian antivirus vendor Dr.Web explained that this malware appears to have been added by "dishonest outsources who took part in creation of Android system images decided to make money on users".


According to a report, the following 26 Android device models are affected:

  •     MegaFon Login 4 LTE
  •     Irbis TZ85
  •     Irbis TX97
  •     Irbis TZ43
  •     Bravis NB85
  •     Bravis NB105
  •     SUPRA M72KG
  •     SUPRA M729G
  •     SUPRA V2N10
  •     Pixus Touch 7.85 3G
  •     Itell K3300
  •     General Satellite GS700
  •     Digma Plane 9.7 3G
  •     Nomi C07000
  •     Prestigio MultiPad Wize 3021 3G
  •     Prestigio MultiPad PMT5001 3G
  •     Optima 10.1 3G TT1040MG
  •     Marshal ME-711
  •     7 MID
  •     Explay Imperium 8
  •     Perfeo 9032_3G
  •     Ritmix RMD-1121
  •     Oysters T72HM 3G
  •     Irbis tz70
  •     Irbis tz56
  •     Jeka JK103

These are all low-cost devices, mostly marketed in Russia, that run on the MediaTek platform.

Malware Pushes Unwanted Applications


The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7, are capable of collecting data about the infected devices, contacting their command-and-control servers, automatically updating themselves, covertly downloading and installing other apps based on the instructions they receive from their servers, and running each time the device is restarted or turned on.
Currently, this malware is forcibly downloading and installing the H5GameCenter app. This application is a Play Store-like app catalog that allows users to install other apps. The app is considered extremely intrusive because it shows its icon (an open blue box) floating above other apps non-stop, without an option to disable this behavior.
If users remove the H5GameCenter app, the firmware malware will reinstall it at a later point.

How to Identify


  • If you see unwanted application notifications appearing over the application you are running, asking you again and again to install apps, your Android device is infected.
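
The reinstall behaviour described above can also be checked from a computer. The following is an added example, not code from Dr.Web or from the original post: it compares two saved outputs of `adb shell pm list packages -f -i`, one taken right after removing the unwanted app and one taken later, and reports packages that appeared in user storage without a trusted installer. The package names in the sample data and the choice of Google Play as the only trusted installer are assumptions.

```python
import re

# Installers treated as user-initiated (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -f -i`:
#   package:<apk path>=<package name>  installer=<installer or null>
LINE_RE = re.compile(r"^package:(?P<rest>.+?)(?:\s+installer=(?P<inst>\S+))?$")

def parse_snapshot(text):
    """Return {package name: (apk path, installer or None)}."""
    pkgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # APK paths on newer Android may contain '=', so split on the last one.
        path, _, name = m.group("rest").rpartition("=")
        inst = m.group("inst")
        pkgs[name] = (path, None if inst in (None, "null") else inst)
    return pkgs

def silently_installed(baseline, later):
    """Packages new since the baseline, stored under /data, with no trusted installer."""
    old, new = parse_snapshot(baseline), parse_snapshot(later)
    return sorted(
        name for name, (path, inst) in new.items()
        if name not in old
        and path.startswith("/data/")
        and inst not in TRUSTED_INSTALLERS
    )

# Constructed sample output; package names are placeholders, not real indicators.
BASELINE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
package:/data/app/com.example.mail-1/base.apk=com.example.mail  installer=com.android.vending
"""
LATER = BASELINE + """\
package:/data/app/com.example.h5gamecenter-1/base.apk=com.example.h5gamecenter  installer=null
package:/data/app/~~Zm9v==/com.example.game-YmFy==/base.apk=com.example.game  installer=com.android.vending
"""

if __name__ == "__main__":
    for name in silently_installed(BASELINE, LATER):
        print("review:", name)
```

A flagged package is only a lead to review. The component that installs it lives in the system image, so it does not show up as a new package itself.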

How to Prevent

  • Don't install any unwanted applications.
  • Don't change the default settings of your Android device.
  • Read all Terms and Conditions before installing any application.