Messages, call information, IMEI numbers, location and other data are collected by the AdUps spyware and sent to Chinese servers.
At the Black Hat security conference in Las Vegas on July 26, Kryptowire published a statement that worried many people: some low-end Chinese smartphones still carry AdUps's backdoor software. The software continuously steals data and sends it to Chinese servers within 72 hours.
AdUps is not an unfamiliar name: it was spotted doing the same thing in November last year on more than 700 million cheap phones. According to Ryan Johnson, the head of the research team, the return of this malicious code is even more dangerous because it has been upgraded, hides better, and is many times harder to detect.
At the end of last year, when it was discovered on a slew of low-cost smartphones, AdUps said that the company only collected data to improve the quality of service based on users' habits, and that it had removed the software itself and deleted the collected data. However, after almost 9 years, it seems that this was only a promise.
Based on the collected statements, Kryptowire analyzed and listed the information that the AdUps backdoor software collects and the actions it performs. Specifically:
Automatically collects the user's SMS messages and call logs and sends them to the remote server every 72 hours.
Collects personally identifiable information (PII) and sends it to the server every 24 hours.
Steals the SIM card identification number (IMSI) and the smartphone's IMEI and sends them to the server.
Steals location data via GPS.
Collects information on installed applications, including the application list and data, and the application installation history.
Automatically downloads, updates, and removes applications silently, without the user's consent.
Updates the firmware by itself and installs with the highest administrative rights on the smartphone.
Installs anonymous software that allows remote commands to be executed with the highest priority.
Thus, once the AdUps backdoor is installed, the user's smartphone is completely taken over. All activities such as calls and text messages are monitored. So far, completely removing this malicious software is extremely difficult because it is ingrained in the system.
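The 72-hour and 24-hour upload intervals listed above give defenders a cadence to look for in egress logs from affected handsets. The following is an added example, not part of the original article or the researchers' tooling; the log format, device names, hostnames, jitter tolerance and minimum-interval threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Upload cadences named in the article, in hours.
CADENCES_H = {"PII (24 h)": 24, "SMS/call log (72 h)": 72}
TOLERANCE = 0.10  # assumption: accept 10% jitter around each cadence
MIN_GAPS = 3      # assumption: need at least 3 intervals to call a flow periodic

# Constructed sample egress log: "timestamp device destination bytes_sent".
SAMPLE_LOG = [
    "2017-07-01T02:00:00 phone-a collector.example.invalid 48211",
    "2017-07-04T02:05:00 phone-a collector.example.invalid 51002",
    "2017-07-07T01:58:00 phone-a collector.example.invalid 47760",
    "2017-07-10T02:03:00 phone-a collector.example.invalid 49915",
    "2017-07-01T09:00:00 phone-a profile.example.invalid 2100",
    "2017-07-02T09:10:00 phone-a profile.example.invalid 2080",
    "2017-07-03T08:55:00 phone-a profile.example.invalid 2111",
    "2017-07-04T09:02:00 phone-a profile.example.invalid 2095",
    "2017-07-01T08:00:00 phone-b mail.example.invalid 900",
    "2017-07-01T08:20:00 phone-b mail.example.invalid 1200",
    "2017-07-01T13:00:00 phone-b mail.example.invalid 700",
    "2017-07-02T19:00:00 phone-b mail.example.invalid 300",
]

def find_periodic_uploads(lines):
    """Return {(device, destination): cadence_label} for flows on a listed cadence."""
    seen = defaultdict(list)
    for line in lines:
        ts, device, dest, _size = line.split()
        seen[(device, dest)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() / 3600 for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < MIN_GAPS:
            continue  # too few observations to claim periodicity
        for label, hours in CADENCES_H.items():
            # Every interval must sit near the cadence, so bursty user traffic is ignored.
            if all(abs(g - hours) <= hours * TOLERANCE for g in gaps):
                hits[key] = label
    return hits

if __name__ == "__main__":
    for (device, dest), label in find_periodic_uploads(SAMPLE_LOG).items():
        print(f"{device} -> {dest}: matches {label} cadence")
```

A match is only a lead for investigation: legitimate update checks and sync jobs can also run on daily schedules, so the destination and the sending package still need to be identified.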