December 17, 2014

‘CoolReaper’ backdoor uncovered in CoolPad Android devices

Could potentially impact over 10 million users.

By Ellie Burns

Palo Alto Networks has revealed details of a backdoor contained in millions of Android-based mobile devices sold by Coolpad, one of the world’s largest smartphone manufacturers based in China.

The ‘CoolReaper’ backdoor exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.

Following detailed analysis by Unit 42, the Palo Alto Networks threat intelligence team, CoolReaper appears to operate well beyond the collection of basic usage data, acting as a true backdoor into Coolpad devices.

Coolpad also appears to have modified a version of the Android OS to make it much more difficult for antivirus programs to detect the backdoor.

CoolReaper, which was discovered by Palo Alto Networks researcher Claud Xiao, has been identified on 24 phone models sold by Coolpad, meaning a potential impact to over 10 million users based on publicly-obtainable Coolpad sales information.

Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks commented: "We expect Android manufacturers to pre-install software onto devices that provide features and keep their applications up to date."

"But the CoolReaper backdoor detailed in this report goes well beyond what users might expect, giving Coolpad complete control over the affected devices, hiding the software from antivirus programs, and leaving users unprotected from malicious attackers."

"We urge the millions of Coolpad users who may be impacted by CoolReaper to inspect their devices for presence of the backdoor and to take measures to protect their data."
