Abusive SDK by Baidu Chinese Search Engine Installs Malicious Backdoors on Android Devices

Devices running the infamous Android operating system have been a growing target amongst the world of malicious software and apps. Android, due to its openness and easy of sharing or spreading malicious apps, there are literally millions of devices around the world that are believed to be infected with some type of malware.

In the latest discovery of Android malware, it was found by Trend Micro that a creepy Baidu Chinese search engine site is offering an SDK (software development kit) that has allowed abuse to install backdoors on Android devices. Upon installing a Backdoor Trojan horse, affected devices would allow attackers to control the infected device and send HTTP requests to execute malicious commands.

We have witnessed firsthand many instances of attackers utilizing backdoors to infiltrate vulnerable computers in the past with much success in either collecting personal data or further infecting systems with aggressive malware threats.

When it comes to Android devices, we see a new world that opens up to hundreds of millions of devices from smartphones to tablets that can be hacked to perform malicious and sometimes illegal actions over the internet. Think of a hacked Android device affected by the manipulated SDK to be a portal for hackers to carry out many dirty and deceitful activities that end-users of Android devices may ultimately be the responsible party.

What is being dubbed as the Moplus SDK, researchers have identified to be a kit that automatically launches on an HTTP server on an Android device while it runs in the background going unnoticed by the user. The control server that sends out commands to infected Android devices is currently telling devices to execute malicious commands using ports 6259 or 40310.

Researchers believe that nearly 100 million Android users are currently effected by the outbreak of the Moplus SDK making this an urgent matter to resolve.

Among the nearly endless list of things that the malicious Moplus SDK can do, there are quite some scary things that it could perform while residing on an Android smartphone or tablet. Among those items Moplus SDK can send SMS messages, make phone calls, get phone details, download files onto the infected device, upload files from the device, get a list of locally installed apps, secretly install other apps, and get the devices geolocation.

As far as the attackers targeting vulnerable Android devices, they would only need to scan a mobile network for the two ports, 6259 or 40310, which it primarily utilizes.

Baidu was brought to the light of the issue and has since removed some of the SDK's functionally stopping the Moplus SDK's ability to download and upload files, add new contacts, scan downloaded files, and scan for local apps.

Unfortunately, the Moplus SDK is not the first instance of a malicious SDK being exploited through a Chinese company. There have been other cases that involved SDKs that secretly stole SMS messages from Android devices and then uploaded them to a Chinese server. With the backlash of the Moplus SDK reaching as many as 100 million Android devices, there is a sense of urgency to put a stop to its spread.