A Chinese Android smartphone on sale on Amazon, eBay and other online stores has been found to contain a virus that pretends to be the Google Play Store but steals user data.

The Star N9500, which closely resembles Samsung’s Galaxy S4 smartphone in appearance, is manufactured in China but sold online through resellers based in Belfast and Hong Kong.

The Trojan, known as “Uupay.D”, disguised as the Google Play Store, comes pre-installed on the Android smartphone and cannot be removed by the user, according to German security company G Data, which analysed one of the smartphones purchased directly from the factory in China.

‘Online criminals have full access to the smartphone’

The malware steals personal data from the phone and sends it to an anonymous server located in China, but is also capable of installing additional applications or viruses without the user’s knowledge.

"The options with this spy program are nearly unlimited. Online criminals have full access to the smartphone," explained Christian Geschkat, a product manager at G Data, in a blog post. "The only thing users see is an app with the Google Play Store icon in the running processes; other than that, the application is completely disguised.”

The virus enables the criminals to track the location of the smartphone, intercept and record phone calls, make purchases and send premium text messages without the user’s permission. It could also be used to break into online banking or other secure services.

Users are likely to be oblivious to the fact that their phone could be stealing their data. “Wow, this phone is amazing, especially when I look at those of my mates who have spent £500 plus for the same thing with the word Samsung on it!” said Mr MJ Griffiths on Amazon, rating the Chinese smartphone five stars.

The Chinese smartphone is available across Europe, including the UK, for less than £120, and has sold in the hundreds, with various confirmed reviews on Amazon ranking the device from five stars to one star. Some users complained about the poor build-quality, while others found the phone lasted only a couple of months before breaking down.

‘Manufacturer deliberately plant malware on its devices?’

The device is offered with an extensive list of accessories including a second battery, car charging adapter and second cover. Comparable devices from other manufacturers, including Samsung, cost about two to three times as much.

The low price of a smartphone with such a wide range of features is a criminal tactic, according to Geschkat, to entice users. The criminals likely make money from the sale of stolen personal data.



It is unknown at what point during the manufacturing process the malware was introduced. “Did the manufacturers of this Android smartphone deliberately plant malware on its devices, or did something go badly wrong on their production line which allowed the malware to sneak its way on board?” asked independent security consultant Graham Cluley in a blog post.

Either way, Geschkat advises buyers beware. "In general, particularly cheap offers online that seem tempting should make buyers suspicious. There’s no such thing as a free lunch.”

Android accounted for 97% of the malware targeted at mobile devices last year, according to data from security firm F-Secure, an increase of 20% year on year.

But the Google Play store, which comes pre-installed on all Google Android devices, only accounts for 0.1% of the malware. The majority of malware is downloaded from third-party app stores including the Chinese stores Baidu and Anzhi, where access to Google Play is restricted.

• Simplocker Android malware locks up your smartphone and demands a ransom for its safe return

• Smartphone security on a budget: four apps to try on Android and iPhone