Manufacturers of Android-devices produce smartphones with built Trojans




Experts of company “Doctor Web” found a trojan built directly into the operating system image to a number of Android-smartphone. Malicious applications, named Android.Becu.1.origin, is able to download, install and uninstall programs without the knowledge of users, and can block certain numbers from incoming SMS.


This malicious program is a comprehensive threat consisting of multiple closely interacting modules. The main component is a file Cube_CJIA01.apk, which is located directly in the system directory and is digitally signed by the operating system, which gives him unlimited powers. Also, the location of this application directly in the firmware considerably complicates its removal by conventional methods.

Trojan starts its malicious activities at every turn on the phone, as well as in the preparation of its own new SMS. As soon as there comes one of these events, Android.Becu.1.origin in accordance with its configuration files are downloaded from a remote server, the encrypted data block, which after decryption saved under uac.apk in the working directory and the Trojan runs in RAM using the class DexClassLoader. Following this, the Trojan launches its second component uac.dex, stored in the same working directory. Both of these modules are responsible for the main functionality of this malicious Android-threat – namely, the possibility of covertly download, install and remove these or other applications on the team managed server.

After successful activation of these components malware checks in the system of its third module in the package, which in the absence of downloaded and installed on your device. This module detects an infected smartphone or tablet to a malicious server, providing them with information on active copies Android.Becu.1.origin. If one or more modules of the Trojan will be deleted by the user, the main file is a malicious application restore them by repeating the installation process. In addition to performing its main purpose – quiet work with applications – Trojan can also block all incoming from certain numbers SMS-message.


Currently specialists aware of the presence of this threat on a number of popular models of Android-devices budget price segment. Among them – UBTEL U8, H9001, World Phone 4, X3s, M900, Star N8000, ALPS H9500 and many others. The most likely vector of infection of these devices is to spread the Trojan Android.Becu.1.origin modified by hackers, firmware files that are loaded by the users themselves, as well as the installation of OS images unscrupulous suppliers of smartphones and tablets.

Since Android.Becu.1.origin located directly inside the operating system itself, its complete removal by conventional methods is very problematic, so the easiest and safest way to deal with the Trojan is its “freezing” in the Control Menu applications.

Join us on Twitter , VKontakte , Facebook , Google+ or via RSS , to keep abreast of the latest news from the world of Apple, Microsoft and Google.


In: Technology & Gadgets Asked By: [15576 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »