The German Federal Office for information security warns the customers against using the following four low-end smartphone models. The agency has recently issued security flaws warning the customers to avoid using the Dogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus since these models have been detected with dangerous backdoor malware embedded in the firmware. All four impacted smartphone models are said to be low-end smartphones.
List of smartphones affected
- Dogee BL7000
- M-Horse Pure 1
- The Keecoo P11
- VKworld Mix
The BSI confirmed that these models contained a backdoor trojan named Andr/Xgen2-CY.
This malware was first spotted by the UK based cybersecurity firm Sophos Labs in October 2018. In a report published back then, Sophos said that the malware was actually embedded inside an app named SoundRecorder, included by default on uleFone S8 Pro smartphones.
Sophos also said Andr/Xgen2-CY was designed to work as an unremovable backdoor for the infected phones. The malware’s basic design was to start running as soon as the phone turns on, collect all the details about an infected phone, revert back a pop-up message to its command-and-control server, and wait for future response or instructions.
This new malware is capable of collecting the following data:
- The device’s phone number.
- Location information, which included latitude, longitude and a street address.
- IMEI identifier and android ID.
- Screen resolution, CPU information, network type.
- MAC address, RAM and ROM size, and SD card size.
- Mobile phone service provider.
Once the profile of an infected phone was registered on the attacker’s server, they could easily use the malware for:
- downloading and installing apps.
- uninstalling apps.
- executing shell commands.
- opening URL in the browser.
But even more, worrying news is that this malware is not possible to be removed. The malware is not just some overly-aggressive advertising module, but it can also disguise itself as a part of an Android support library, in a way meant to hide it from the view.
“Manual removal of the malware is not possible due to its anchoring in the internal area of the firmware.” said the BSI. The malware can be removed just by a firmware update issued by the phone makers. But unfortunately, these firmware updates are available only for the Keecoo P11 model, and not for the others.
The BSI also warned the users of these models that they are now at risk of having other malware pushed to their infected devices from the malware’s control servers, like ransomware, banking trojans, or adware.