2019/06/09 10:30:02

Andr/Xgen2-CY (virus)

2019: Chinese smartphones are delivered from the factory with a virus

At the beginning of June 2019, Germany's Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) warned users that dangerous malware had been detected in the firmware of four smartphone models.

These models are the Chinese budget smartphones Doogee BL7000, M-Horse Pure 1, Keecoo P11 and VKworld Mix Plus (malware is present in the firmware, but inactive). BSI reported that the phones' firmware contained a trojan named Andr/Xgen2-CY.

The British cybersecurity company Sophos Labs first detected this kind of malware in October 2018. According to the Sophos report, the virus collects all data from infected devices, sends it to the command-and-control server and waits for further instructions.

The Doogee BL7000 smartphone is delivered from the factory with a virus that collects all data from the device

The Andr/Xgen2-CY virus collects data such as the device's phone number, location information, the IMEI and Android identifiers, the manufacturer, model, brand, OS version, processor information, network type, RAM and ROM size, SD card size and mobile operator. Once a profile of the infected phone has been registered on the server, attackers can use the malware to download, install and delete applications and also to open URLs in the browser (though this function appears to be still in development).

This malware is not just an overly aggressive advertising module. According to Sophos, the virus is disguised as part of the Android support library, and it cannot be removed without a firmware update released by the manufacturer. Unfortunately, firmware updates without the malware are available only for the Keecoo P11 model.

BSI warns that users of these devices risk becoming victims of attackers, who are able to install ransomware, banking trojans or adware on their phones.[1]

Notes