Chinese mobile manufacturer Coolpad is building backdoors into high-end Google Android-powered smartphones, according to Palo Alto Networks' Unit 42. The "CoolReaper" backdoor has been found on a variety of ROMs that were downloaded by security researchers. Coolpad is the No. 6 largest smartphone manufacture in the world, No. 3 inside of China, so this is an extremely troubling development.
CoolReaper is able to download, install, or activate Android applications without needing owner consent or notification. It can also clear user data, uninstall applications, and disable system applications. Researchers also found that it can dial arbitrary phone numbers and send SMS or MMS messages from the phone.
"CoolReaper is the first malware we have seen that was built and operated by an Android manufacturer," according to the Palo Alto Networks' Unit 42 blog. "The changes Coolpad made to the Android OS to hide the backdoor from users and anti-virus programs are unique and should make people think twice about the integrity of their mobile devices."