More Android-powered devices found with Trojans in their firmware

Doctor Web researchers have discovered two types of downloader Trojans that have been incorporated in the firmware of a number of Android-powered devices.

Both Trojans are capable of contacting their C&C servers, updating themselves, receiving instructions on which apps to covertly download and run, and start running each time the device is turned on or restarted.

One of them – the Android.Sprovider.7 Trojan, inserted into the firmware of Lenovo A319 and Lenovo A6000 smartphones – can also open specified links in a browser, make phone calls to a certain number through the standard system application, and show ads on top of apps and in the status bar.

The list of tablets and smartphones containing the other Trojan (Android.DownLoader.473.origin) is as follows: MegaFon Login 4 LTE, Irbis TZ85, Irbis TX97, Irbis TZ43, Irbis tz70, Irbis tz56, Bravis NB85, Bravis NB105, SUPRA M72KG, SUPRA M729G, SUPRA V2N10, Pixus Touch 7.85 3G, Itell K3300, General Satellite GS700, Digma Plane 9.7 3G, Nomi C07000, Prestigio, MultiPad Wize 3021 3G, Prestigio MultiPad PMT5001 3G, Optima 10.1 3G, TT1040MG, Marshal ME-711, 7 MID, Explay Imperium 8m, Perfeo 9032_3G, Ritmix RMD-1121, Oysters T72HM 3G, and Jeka JK103.

But, as the researchers noted, this list is probably not complete.

Currently both Trojans are used to deliver ad-showing apps, pushing users to download additional apps:

android devices trojans firmware

“It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users,” the researchers pointed out.

Still, the Trojans could just as easily deliver more dangerous malware to users.

The researchers say that they have notified the manufacturers of these devices of this discovery. They also urge users of the infected devices to contact tech support to get updated, clean system software as soon as it is made available.

Don't miss