China’s leading TV station, CCTV, has a long-standing tradition of marking World Consumer Rights Day on March 15 with its ‘315 Evening Party’. The annual show makes a song and dance about consumer rights violations. This year’s party reported on cases where smartphone distribution channels pre-install malware into Android mobiles before selling them on to unwitting customers.
As the program showed, the malware pre-installed is called DataService:
And in another piece of news about this we found the md5 of this malware
This malware is detected by Kaspersky as Trojan.AndroidOS.Uupay.a. It isn’t a standalone program. It works in conjunction with ordinary Android apps, meaning that most users know nothing about this until they are hit with an inflated phone bill. What does this “DataService” malware actually do? As reported, it can upload a lot of information like IMEI, MAC addresses, phone model, installed application list, etc. Also it can push a lot of ads and download the specific apps. Let’s take a deeper look and verify these things from the code level.
First, for a general view, let’s see AndroidManifest.xml unzipped from the malware apk, which presents essential information about the app. At a glance, we can see it really gains various sensitive permissions, some of which can cost you money and gain access to your sensitive information：