The powerful but surprisingly cheap Chinese-made Android Star N9500 smartphone, sold on a wide range of websites including Amazon UK and eBay, is being used to distribute a dangerous factory-installed Trojan, German security firm G Data has alleged.
The firm said it examined the €130 (£113) quad-core smartphone after complaints by customers, discovering that it contained the Uupay.D Trojan embedded on the device, disguised as the Google Play store app.
Capable of taking complete control of the device and stealing personal data, the malware could not easily be detected or removed by the user. Incredibly, because the malware was baked into the firmware, it must have been installed during manufacture, the firm said.
"The only thing users see is an app with the Google Play Store icon in the running processes; other than that, the application is completely disguised," said G Data’s Christian Geschkat.
"Unfortunately, removing the Trojan is not possible as it is part of the device's firmware and apps that fall into this category cannot be deleted. This includes the fake Google Play Store app of the N9500."
He recommended that users load G Data’s own Android security app to detect the malware, although because Uupay.D is not new, it should be possible to do the same with other Android security apps.
The malware was being used to send data to an anonymous server in China, he said. "It is not possible to find out who ends up receiving and using the data."
The N9500 appears to have been sold to anywhere from a few dozen to a few hundred customers in recent weeks, gaining mixed reviews. The current price is £113 on Amazon, which makes the device unusually cheap for a quad-core handset that would normally cost perhaps twice that price.
Techworld was not able to confirm whether the warning applied to all smartphones using this model number or only some of them.
Star also sells other similar quad-core Android smartphones, such as the S9500; this even more popular smartphone is not mentioned as part of G Data's warning, but given that the malware on the N9500 was factory-installed, it would be wise to remain cautious until it is given the all-clear.
Anyone who did buy one should first confirm that it contains malware by loading G Data’s security app, which should detect it. Regardless, users should stop using the device.
Beyond that, they could ask for a refund. It’s not clear how well embedded the software is on the device, but loading a new operating system image (e.g. CyanogenMod) might offer a way to rescue some value from the device.