Caution: Malware pre-installed! – Securelist

China’s leading TV station, CCTV, has a long-standing tradition of marking World Consumer Rights Day on March 15 with its ‘315 Evening Party’. The annual show makes a song and dance about consumer rights violations. This year’s party reported on cases where smartphone distribution channels pre-install malware into Android mobiles before selling them on to unwitting customers.

As the program showed, the pre-installed malware is called DataService.

In another news report about this, we found the MD5 of this malware.

This malware is detected by Kaspersky as Trojan.AndroidOS.Uupay.a. It isn’t a standalone program. It works in conjunction with ordinary Android apps, meaning that most users know nothing about it until they are hit with an inflated phone bill. What does this “DataService” malware actually do? As reported, it can upload a lot of information, such as the IMEI, MAC addresses, phone model and installed application list. It can also push a lot of ads and download specific apps. Let’s take a deeper look and verify these claims at the code level.

First, for a general view, let’s look at the AndroidManifest.xml extracted from the malware APK, which presents essential information about the app. At a glance, we can see that it requests various sensitive permissions, some of which can cost you money and others of which give access to your sensitive information.
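The same first-pass manifest check can be scripted for triaging any suspect APK. The following is an added example, not code from the Securelist article: it groups the permissions a manifest requests into those that can cost money, those that expose device or user data, and those that allow app installation. It assumes the manifest has already been decoded from Android's binary XML to text (for example with apktool); the sample manifest and the bucket lists are constructed for illustration and are not taken from DataService.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical triage buckets (an assumption of this example, not a vendor list).
RISK_BUCKETS = {
    "costs_money": {"SEND_SMS", "CALL_PHONE"},
    "sensitive_data": {"READ_PHONE_STATE", "ACCESS_WIFI_STATE", "READ_SMS", "RECEIVE_SMS",
                       "READ_CONTACTS", "ACCESS_FINE_LOCATION", "GET_TASKS"},
    "installs_apps": {"INSTALL_PACKAGES", "REQUEST_INSTALL_PACKAGES"},
}

# Constructed sample manifest; NOT the DataService manifest from the article.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
    <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Sample"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the de-duplicated, sorted permission names a manifest requests."""
    # Manifests from untrusted APKs are untrusted XML; a hardened parser such as
    # defusedxml is preferable outside a sandbox.
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return sorted(names)

def triage(manifest_xml):
    """Group requested permissions into the risk buckets; the rest go to 'other'."""
    report = {bucket: [] for bucket in RISK_BUCKETS}
    report["other"] = []
    for perm in requested_permissions(manifest_xml):
        short = perm.rsplit(".", 1)[-1]
        # Only android.permission.* names are matched; custom ones stay in 'other'.
        bucket = next((b for b, members in RISK_BUCKETS.items()
                       if perm.startswith("android.permission.") and short in members), "other")
        report[bucket].append(perm)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A permission list alone does not prove malice; it tells the analyst which code paths (SMS sending, device identifier reads, package installation) to inspect first.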

via Caution: Malware pre-installed! – Securelist.

Author: Daniel Garrie

Daniel Garrie is a renowned computer forensics, e-discovery, privacy, and cyber security expert and thought leader. Quoted in Forbes and profiled in the Los Angeles Daily Journal, he is a frequently retained neutral and Chair of Alternative Resolution Center’s (ARC) E-Discovery and Forensic Dispute Resolution practice. Today, Mr. Garrie is a Partner and General Counsel for Law and Forensics LLC, a boutique legal strategy and forensics firm that works with clients across industries to address privacy, e-discovery and forensic issues in the U.S. and abroad. In the past two years, Mr. Garrie has been involved in over 50 e-discovery matters both in the U.S. and abroad.