Palo Alto Networks has revealed details of a backdoor contained in millions of Android-based mobile devices sold by Coolpad, one of the world’s largest smartphone manufacturers based in China.
The ‘CoolReaper’ backdoor exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.
Following detailed analysis by Unit 42, the Palo Alto Networks threat intelligence team, CoolReaper appears to operate well beyond the collection of basic usage data, acting as a true backdoor into Coolpad devices.
Coolpad also appears to have modified a version of the Android OS to make it much more difficult for antivirus programs to detect the backdoor.
CoolReaper, which was discovered by Palo Alto Networks researcher Claud Xiao, has been identified on 24 phone models sold by Coolpad, meaning a potential impact to over 10 million users based on publicly-obtainable Coolpad sales information.
Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks commented: "We expect Android manufacturers to pre-install software onto devices that provide features and keep their applications up to date."
"But the CoolReaper backdoor detailed in this report goes well beyond what users might expect, giving Coolpad complete control over the affected devices, hiding the software from antivirus programs, and leaving users unprotected from malicious attackers."
"We urge the millions of Coolpad users who may be impacted by CoolReaper to inspect their devices for presence of the backdoor and to take measures to protect their data."
