Android phones are now being sold with pre-installed malware

June 19, 2014 – 4:44 AM

Android has a well-earned reputation for malware issues, despite Google’s efforts to keep its Play Store free of rogue apps. But there are many dark corners of Android where malware continues to thrive, particularly on independent app stores that do little or nothing to keep such apps at bay.

Security advisors are constantly reminding users to be cautious of what they install on their devices, but it seems that even that advice is no longer sufficient. German security firm G DATA issued a release this week warning that Android handsets were being sold via numerous outlets, including major online stores such as eBay and Amazon, “with extensive spyware straight from the factory.”

The Star 9500 – available under several variations of that name – bears a striking a similarity to the Galaxy S4, which is known also by its Samsung model number, i9500. G DATA reported that the Star 9500 is being sold preloaded with a Trojan, known as Uupay.D. Unlike most malware, it is not simply an app that can be uninstalled from the device; rather, the Trojan is baked into the firmware, disguised as the legitimate Google Play Store, and cannot be be simply extricated from the device’s OS.

Source:
http://www.neowin.net/news/android-phones-are-now-being-sold-with-pre-installed-malware