A software development kit that has been provided by Baidu (A Chinese search engine) can easily be exploited for installing backdoors on Android devices.
About 100 million users are in danger of getting affected due to this vulnerability as according to Trend Micro‘s report the SDK has been used to make 14,112 Android applications till now. Out of these 14,112 Android applications, 4014 have been made by Baidu itself.
This SDK is known as Moplus and on opening it launches an HTTP server. The HTTP server runs in the background and the users hardly have any idea about it.
The server can be controlled by the hackers and they can send commands through a particular port to execute their commands. Currently, researchers found SDK using 2 ports i.e. 6529 and 40310.
But, you must be wondering how come hackers are able to handle the server so easily? Well, HTTP is a web server which is launched by SDK on startup so for hackers they only need to scan the mobile networks and find the ports they are looking for, next is sending the commands to the ports to execute.
Here is a list of tasks hackers can ask for ports to execute:
* Get phone details
* Send SMS messages from the phone
* Make phone calls
* Add new contacts
* Download files on the device
* Upload files from the device
* Get a list of local apps
* Install apps
* Push Web pages
* Trace phone’s geolocation.
Baidu has now been notified of the issues and they have updated the SDK by limiting some of its functions. Like it cannot download or upload files, scan for local apps and add new contacts.
But, it was not before Trend Micro researchers found SDK for a malware. The malware they found is known as “ANDROIDOS_WORMHOLE.HRXA.” The Wormhole vulnerability was originally identified by a Chinese IT security company Woo Yun.
If you own an Android device watch out for malware and don’t download apps from a third-party platform. Such platforms upload apps without scanning or verification and most of them are developed for the purpose of snooping into your device.