A backdoor, named “CoolReaper,” apparently installed by Chinese phone-maker Coolpad in its Android-based mobile devices leaves users vulnerable to malicious activity, researchers at Palo Alto Networks have revealed.
Discovered by researcher Claud Xiao, CoolReaper goes “well beyond” the type of usage data collection that mobile carriers typically do “and acts as a true backdoor into Coolpad devices,” according to a blog penned by Xiao and the company's Unit 42 Intelligence Director, Ryan Olson.
CoolReaper can download, install or activate Android apps without the consent or notification of the user; clear user data and uninstall or disable apps, alert users to a fake Over-the-air (OTA) update that actually installs unwanted apps and upload device location and usage data to a Coolpad server.
The backdoor, detailed in a report, has been identified on 24 Coolpad phone models, affecting more than 10 million users.