Android’s long and storied malware history is almost a thing of folklore at this point. Google’s open approach to the way Android is distributed as well as the ability to side-load apps has left its platform wide open for all kinds of mischievous shenanigans, and even though security updates keep rolling out of Google, the issue of device security isn’t going to go away overnight.
But things are worse than some apps stealing data if you have the misfortune to install them, because sometimes it appears you need not install anything at all to be the victim of such theft. Reports are today popping up everywhere that one particular Android phone is being shipped with some particularly nasty malware, and the phone’s being bought at otherwise reputable online stores such as Amazon.
The handset in question is the Star 9500 and the variants of that name that little online stores. Looking remarkably like a Samsung Galaxy S4, the Star 9500 (Samsung also calls the S5 the i9500) has been found to come pre-loaded with the Uupay.D trojan, which is capable of an almost limitless laundry list of nastiness. Security company G DATA’s Christian Geschkat has reported that the phone, as a result of this trojan, is sending data to an anonymous server located in, wait for it….China.
The options with this spy program are nearly unlimited. Online criminals have full access to the smartphone.
In essence, that means that a server, sat somewhere in China, is playing host to all kinds of personal data belonging to the people using this phone or one of its variants. Text messages, banking information and even phone calls have been intercepted and the phone’s users have absolutely no idea.
At the time of writing, eBay has already pulled all listings for the Star 9500 smartphone, but Amazon – in the UK at least – still has the BW Star 9500 on sale for a paltry £85 – that’s less than $150. What’s more, the device even ships from Amazon’s own warehouses and has over 100 positive reviews left by happy buyers. The phone’s rating is already under attack my people leaving reviews to warn of the malware risk, however.
Hopefully nobody else will pay up and Amazon will pull the offending smartphone before anymore damage is done.
You may also like to check out:
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.