BSI warns: Smartphones with preinstalled malware

A smartphone is now part of almost everyone's basic equipment, regardless of age or budget. Even on a tight budget, you can buy smartphone models for around 100 euros. However, you should be careful with some of these devices, as the Federal Office for Information Security (BSI) has announced: a few Android smartphones from the low-price segment come with preinstalled malware. This malware, which in some cases is deeply anchored in the system, makes activities such as online banking on the smartphone a risk.

The Federal Office for Information Security (BSI) has issued a warning about some Android smartphones. The phones have the Andr/Xgen2-CY malware preinstalled, which is a security risk.

BSI warns of cell phones with malware in the system

"The Federal Office for Information Security (BSI) has again proven that malware was preinstalled on several smartphones," says an official communication. With reference to §7 of the BSI Act, a warning is accordingly issued against the following smartphone models, which were tested and found to be equipped with malware:

  • Doogee BL7000
  • M Horse Pure 1
  • VKworld Mix Plus
  • Keecoo P11 (firmware V3.02)

In the VKworld Mix Plus, the malware was detected in two firmware versions (V3.05 and V3.07). According to the BSI, however, it did not become active there. Users of the Keecoo P11 are advised to update the firmware to V3.04. The update cleans the system of the malware, which can, among other things, install banking Trojans.

Information from the Federal Office for Information Security

"Our studies clearly show that IT devices with preinstalled malware are obviously not isolated cases. They endanger the consumers who buy these cheap smartphones and who ultimately pay extra with their data," says BSI President Arne Schönbohm.

"A particular risk arises when the infected smartphone is used to control the smart home, including window security or alarm system. In order to prevent such attack scenarios, we need a joint effort, especially on the part of manufacturers and retailers, so that such unsafe devices cannot even be sold in the future."

Network operators should educate users about dangers

While manufacturers and retailers are to help avert the dangers and security gaps posed by cheap smartphones that ship with malware from the factory, it is up to the network operators to educate current users. The mobile phone providers were informed about the malware cases on the devices in their networks. "The providers were asked to notify their affected customers accordingly," according to the communication linked above.

The name of the malware, which was assigned by the IT security company Sophos, can also be found there: Andr/Xgen2-CY. It can forward data to a command-and-control (C&C) server as well as download, install and run other malicious software such as Trojans, viruses and ransomware. It cannot be removed manually.

Are all other Android smartphones safe per se?

While the models listed above ship with malware from the factory, many other smartphones, the Apple iPhone as well as those running Android, are inherently safe, especially well-known phones such as those from Samsung or Sony. However, it cannot be ruled out that users get malicious software onto their phones via infected apps, websites, phishing emails or other attacks.

About 2.5 years ago I already reported on Gooligan, malware that was hiding in numerous Android apps that could be regularly downloaded onto your Android device via the Google Play Store. A little IT understanding, caution and research do not hurt before you load an app, click on a link or open email attachments from unknown senders. A couple of additional tips can be found here.
