Star N9500 Chinese smartphone ships with pre-loaded spyware

Brittany A. Roston - Jun 17, 2014, 10:52 pm CDT
Star N9500 Chinese smartphone ships with pre-loaded spyware

Allegations that the Chinese government is using smartphones to spy on other nations have been around for a while – back in October 2012, for example, US lawmakers expressed concern over potential espionage. Despite the White House having found no evidence to support the concern, many have still proceeded carefully with the use of Chinese handsets, and now one has been spotted with pre-loaded spyware.

The Star N9500 is a Galaxy S4 knockoff smartphone available online through various Internet retailers including According to the folks at G DATA, this handset also has a nefarious underbelly — Chinese spyware. The handset ships pre-loaded with a malware version of the Play Store that facilities a wide range of spying.

With this software, the user’s personal information is shuttled off to a server located in China, and apps are installed on their own without user consent. Data like online banking details can be intercepted, as well as calls and texts, and both the microphone and camera can be remotely activated.

During our poking around, we spotted some reports of possible spyware from more than a year ago. Amazon user Cevyn L. Miles-monaghan, for example, posted a review on the retailer’s website back in August 2013 saying Chinese apps would randomly install on their own, and that links to Chinese websites would appear on the homescreen, but that there was no centralized app that could be identified as the cause.


The folks at G DATA say they investigated the handset after being tipped off about issues like this, and ultimately discovered that the phones ship with the Android.Trojan.Uupay.D trojan masquerading as the Google Play Store. In addition to giving unknown individuals complete access to the phones, the trojan also stops security updates from being installed to the handset.

Unfortunately, there’s no information on where this information ends up, except that its destination is an anonymous server located within China. This posses a serious threat to users’ privacy and data, leaving them at risk of identity theft, financial breaches, and even (though perhaps unlikely) things like blackmail, given the amount of personal details intercepted. Anyone using the handset should stop immediately, and, needless to say, the handset should be crossed off your shopping list.


Must Read Bits & Bytes