Hidden Backdoor Found in Thousands of Android Devices

A new report reveals that some cheap Android TV streaming boxes and tablets come with a hidden backdoor that can be used for cybercrime.

According to the cybersecurity firm Human Security, some Android devices sold on Amazon and other online platforms have a hidden backdoor that allows them to download malicious instructions from a server in China. The backdoor can be used to create fake Gmail and WhatsApp accounts, sell access to the user’s home network, and display fraudulent ads. The backdoor is installed in the device’s firmware, making it difficult or impossible to remove.

Human Security found a total of seven Android TV boxes and one tablet with the backdoor installed. The TV boxes are the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G; the tablet is the J5-W. The devices are often sold unbranded or under different names, making them hard to identify.

The backdoor was first discovered in January by a researcher who bought a T95 Android TV streaming box on Amazon. He noticed that the device was infected with malware before he ever used it. He reported his findings to Human Security, which confirmed the issue and found more devices with the same problem.

How does the backdoor work?

The backdoor works by downloading a set of instructions from a server in China when the device is plugged in. The instructions tell the device what to do, such as creating fake accounts, selling network access, or displaying ads. The instructions can be updated at any time by the server, giving the attackers full control over the device.

The backdoor also affects some apps that users may have downloaded from Google Play or other sources. The apps are infected with code that communicates with the same server in China and performs similar malicious activities. Human Security found that the apps involved were making 4 billion ad requests per day, affecting 121,000 Android devices and 159,000 iOS devices. The infected apps had been downloaded an estimated 15 million times.

Google has removed many of the impacted apps from Google Play following Human Security’s report. However, some apps may still be available on other platforms or websites.

What are the risks of using a device with a backdoor?

Using a device with a backdoor can expose users to various risks, such as:

  • Identity theft: The device can create fake accounts using the user’s email address or phone number, which can be used for spamming, phishing, or impersonation.
  • Network compromise: The device can sell access to the user’s home network to other hackers, who can then exploit other devices or data on the network.
  • Ad fraud: The device can display fraudulent ads that generate revenue for the attackers or trick users into clicking on malicious links or downloading malware.
  • Device performance: The device can consume a lot of bandwidth, battery, and memory while performing malicious activities, slowing down the device or causing it to crash.

How can users protect themselves from the hidden backdoor?

The best way to protect oneself from the hidden backdoor is to avoid buying cheap or unbranded Android devices from unknown sources. Users should only buy devices from reputable brands and trusted platforms that have quality control and security measures in place.

If users already own a device that may be infected with the backdoor, they should:

  • Disconnect it from the internet and power source immediately.
  • Reset it to factory settings if possible.
  • Contact the seller or manufacturer for a refund or replacement.
  • Report the issue to Amazon or other platforms where they bought the device.
  • Install antivirus software on their device and scan it regularly.
  • Update their device’s firmware and apps whenever possible.
  • Avoid downloading apps from unverified sources or granting unnecessary permissions to apps.
