p*****s 发帖数: 1780 | 1 he Star N9500, a cheap Android-powered smartphone made in China, ships with
more than just an 8-megapixel camera and quad-core processor, according G
Data, a Germany cyber-security company. The company says it has discovered
malicious software—which could be used to track the phone’s user and
manipulate the device remotely—embedded in the device.
G Data, which sells anti-virus and cyber-security products, said it
discovered a so-called Trojan-horse malware, called Usupay.D, in the phone’
s Google GOOGL +1.24% Play app store.
It said it fielded several complaints from buyers of the phone and ran tests
on a newly purchased device.
G Data said that during testing, it found that the spyware on the smartphone
sends phone identification and specification data to an unidentified server
located in China.
G Data said the malware could also operate phone functions remotely, like
turning on the camera, though it said it found no evidence that had happened
in the phone it studied.
It also said that sending data to a Chinese served doesn’t necessarily
suggest an attacker targeting the phone is based there.
G Data could not say how the malware ended up on the phone. Shenzhen-based -
based manufacturer Tianxing, which makes the phone, wasn’t available for
comment. G Data spokesman Thorsten Urbanski said G Data also tried
unsuccessfully to contact the manufacturer.
The N9500, similar to the best-selling Samsung Galaxy S4, is a popular low-
cost smartphone, pricing on Amazon.co.uk for between £85 ($141) for a
new 5.0 inch version to £119.89 for a new 5.7 inch HD version.
Amazon and Google weren’t immediately available for comment.
The malicious software is pre-installed in the so-called firmware, the
software that comes with the phone and operates its systems. It can
therefore not simply be deleted like a regular app installed from a third-
party app store.
The malware program itself was identified by Kaspersky Lab in March 2013. G
Data says its analysis is the first time Usupay.D has been discovered
bundled with a mobile phone.
—Chase Gummer and Lorraine Luk contributed to this article |
|