January 20, 2016
Android.Cooee.1 was found on several unpopular and inexpensive Android devices in October 2015. A new case of Android firmware being infected with this malicious application proves that cybercriminals’ activity is gradually expanding as this malware was detected on Philips s307. Doctor Web specialists informed the producer about this incident. At the moment, Philips is considering possible solutions to the problem.
Android.Cooee.1 is a malicious launcher (Android graphical shell) that, apart from its standard functions, displays annoying advertisements and downloads and installs different software. In particular, Android.Cooee.1 is capable of displaying advertisements in the status bar, in full screen, or on top of running applications. It also can show video advertisements and animation on the home screen. It should be noted that the Trojan starts performing its malicious activities not right after the first running of the system but some time later. As a result, the true source of annoying notifications stays unnoticed because an owner of an infected device believes that advertisements are shown by applications that were installed during device usage.
Considering that Android.Cooee.1 is, in fact, a system program, software downloaded by this malware is installed without user knowledge. At that, the range of the downloaded applications is extremely wide: from benign games and web browsers to various malicious programs, such as SMS and downloader Trojans, and even banking Trojans that are able to covertly steal money from users’ bank accounts.
As Android.Cooee.1 is incorporated into the firmware, you cannot get rid of the Trojan by restoring default settings of the device. One of the possible solutions is to gain root privileges. However, even if such privileges are successfully gained, removal of Android.Cooee.1 will render the device “dead”. The fact is that the launcher program, that contains the Trojan, is responsible for the normal system loading. That is why, before removing the malicious application, it is necessary to install an alternative launcher and set it as default. Moreover, if you gain root privileges, your official manufacturer’s warranty becomes invalid. Besides, there is a high risk of making the device non-operational if its firmware or system files are treated by an inexperienced user. Therefore, the safest solution for victims of Android.Cooee.1 is to contact the manufacturer of the device and ask them to release a firmware update without the Trojan.
Obviously, if you want to safe your device, it is not enough to download applications only from trusted sources. Virus makers more and more often preinstall malware directly on Android devices that you can buy on the Internet or in a store. Thus, Doctor Web security researchers strongly recommend Android users to install a reliable anti-virus software that not only prevents penetration of malware and unwanted applications, but also detects Trojans in firmware.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.