Researchers at Palo Alto found that many ROM images used for Android smartphones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor "Coolreaper".
With Android, it is very common for manufacturers to install additional applications. But these applications are installed on top of the Android operating system. In this case, Coolpad integrated additional functionality into the firmware of the device. This backdoor was then used by Coolpad to push advertisements to its users and to install additional Android applications. But its functionality goes way beyond simple advertisements.
The backdoor provides full access to the device. It allows the installation of additional software, access to any information about the device, and even notifying the user of fake over-the-air updates.
How important is this threat?
Coolpad devices are mostly used in China, with a market share of 11.5% according to the report. They are not found much outside of China. The phones are typically sold under brands like Coolpad, Dazen and Magview.
The following domains and IPs are used for the C&C channel:
113.142.37.149, dmp.coolyn.com, dmp.51coolpad.com, icudata.coolyun.com, icudata.51coolpad.com, 113.142.37.246, icucfg.coolyun.com and others. Blocking and logging outbound traffic for these IPs and domains will help you identify affected devices.
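As an added example (not from the post or the Palo Alto report), the following script shows how the indicators listed above can be matched against outbound-connection logs to find devices that have contacted the C&C channel. The log format (`src=... dst=... dport=...`) and the sample log lines are constructed for this example; hostnames match exactly or as a subdomain of a listed domain.

```python
import re
from collections import defaultdict

# Indicators quoted in the post (C&C channel of the Coolreaper backdoor).
COOLREAPER_IPS = {"113.142.37.149", "113.142.37.246"}
COOLREAPER_DOMAINS = {
    "dmp.coolyn.com", "dmp.51coolpad.com", "icudata.coolyun.com",
    "icudata.51coolpad.com", "icucfg.coolyun.com",
}

# Assumed log format (constructed for this example): one event per line,
# "<timestamp> src=<client ip> dst=<ip or hostname> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)

def matches_indicator(dst):
    """Return the indicator matched by a destination, or None.
    Hostnames are normalised (case, trailing dot) and match exactly or as a subdomain."""
    dst = dst.lower().rstrip(".")
    if dst in COOLREAPER_IPS:
        return dst
    for domain in COOLREAPER_DOMAINS:
        if dst == domain or dst.endswith("." + domain):
            return domain
    return None

def find_affected_devices(lines):
    """Map each internal source address to the sorted list of C&C indicators it contacted."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        indicator = matches_indicator(m.group("dst"))
        if indicator:
            hits[m.group("src")].add(indicator)
    return {src: sorted(inds) for src, inds in hits.items()}

# Constructed sample log: two devices talk to listed indicators, one does not.
SAMPLE_LOG = """\
2014-12-18T10:01:02Z src=10.0.0.21 dst=dmp.51coolpad.com dport=80
2014-12-18T10:01:05Z src=10.0.0.21 dst=113.142.37.149 dport=443
2014-12-18T10:02:11Z src=10.0.0.34 dst=www.example.com dport=443
2014-12-18T10:03:40Z src=10.0.0.58 dst=ICUCFG.COOLYUN.COM. dport=80
garbage line that does not parse
""".splitlines()

if __name__ == "__main__":
    for src, inds in sorted(find_affected_devices(SAMPLE_LOG).items()):
        print(src, "->", ", ".join(inds))
```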
For details, see the Palo Alto Networks report at https://www.paloaltonetworks.com/threat-research.html