ADUPS Android Malware Infects Barnes & Noble

ADUPS is an Android "firmware provisioning" company based out of Shanghai, China. The software specializes both in Big Data collection of Android usage, and hostile app installation and/or firmware control. Google has blacklisted the ADUPS agent in its Android Compatibility Test Suite (CTS).

ADUPS recently compromised many BLU-phone models and was found to be directly transmitting call logs, SMS, contacts, location info, and more from handsets within the US to Chinese servers using DES (weak) encryption.

The latest tablet from Barnes & Noble, the newly-released $49 BNTV450, has been found to include ADUPS. In the aftermath of the BLU data theft, ADUPS hostile data collection and control over Android may (or may not) be temporarily quelled, but harmful capability remains with the ADUPS agent. Devices running ADUPS should be considered under malicious control, and they should not be used with sensitive data of any kind.

ADUPS APK

The extent of the ADUPS BLU data theft was discovered and documented by Kryptowire, who learned that the ADUPS agent was capable of:

  • SMS Recording

  • SMS Transmission

  • IMEI Exfiltration

  • IMSI (Transmission)

  • Call Log Transmission

  • Call Contact Information Transmission

  • Location Collection and Transmission

  • Command Injection

  • Remote User Application Update

  • Remote User Application Install

  • Transmit List of Installed Applications

  • Transmit order of application execution

  • Programmatic Firmware Update

  • Remote Execution and Privilege Escalation (without user notification or request)

  • IP Address (Transmission)

  • Name (*for contacts)

Significant subsets of this capability were exercised on individuals within the United States, which was escalated to the Department of Homeland Security. A class action lawsuit investigation was launched against BLU by The Rosen Law Firm of New York, which is collecting class members and information for a damages assessment.

______________________

Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.