Chinese OEM Coolpad Installed 'Coolreaper' Backdoor Software On Millions Of Smartphones

Chinese OEMs are stepping up their game in the smartphone sector. Companies like Huawei and Xiaomi have bolstered their share of the market, with the latter booting Samsung out of first place in China. One Chinese OEM, however, is looking to expand its presence in the smartphone world while at the same time partaking in nefarious acts.

Palo Alto Networks has discovered that Chinese OEM Coolpad has been installing a backdoor called “CoolReaper” on the millions of smartphones that it sells around the globe. Coolpad has taken additional steps to ensure that its CoolReaper backdoor goes undetected by widely available antivirus programs for the Android operating system.

Palo Alto Networks’ investigation found that CoolReaper was installed on 24 distinct smartphone models sold by Coolpad, which leaves over 10 million customers open to attacks by malicious third-parties.

coolpad metropcs

“The CoolReaper backdoor detailed in this report goes well beyond what users might expect, giving Coolpad complete control over the affected devices, hiding the software from antivirus programs, and leaving users unprotected from malicious attackers,” stated Palo Alto Networks’ Ryan Olsen.

The wide-ranging access granted by CoolReaper includes the ability to download, install, and activate any Android app without user intervention; dial random phone numbers; disable system services and user applications; and upload device information and app usage to Coolpad servers.  And this is just the tip of the iceberg; CoolReaper is capable of inflicting even more damage to a customer’s smartphone.

Other capabilities of CoolReaper include functionality that allows it to push fake over-the-air (OTA) updates to devices and the capability to send or insert arbitrary SMS/MMS messages onto a smartphone.

Not surprisingly, Coolpad has failed to respond to all requests by Palo Alto Networks for comment on CoolReaper. Coolpad needs to be held accountable for these accusations and if true, customers should respond by taking their business elsewhere as this is a serious breach of consumer privacy.

In addition to the blog posting discussing the matter, Palo Alto Networks has also posted a new report entitled “CoolReaper: The Coolpad Backdoor” which you can view here.