Among the main trends of the past year may be noted the emergence of a large number of pre-installed Android malware, which are invisible to users could download and install different SOFTWARE, and often showed the hype. One of these Trojans has become Android.Cooee.1, built-in GUI several budget smartphones the production of a number of little-known Chinese companies. Apparently, the attackers decided not to stop and continued unsafe practices in the next year: the specialists of "Doctor Web" revealed another case of the Android implementation.Cooee.1 for Android device, and this time the "surprise" awaited buyers of smartphones from well-known electronics manufacturer.
The First information about the Android.Cooee.1 appeared in October 2015, when the malware was detected at several budget Android smartphones from, to put it mildly, not the most famous brands. New case detection of the malware showed that the unknown attackers appetite is gradually growing: the app has been discovered on a mobile device Philips s307. The specialists of "Doctor Web" has alerted about the incident the manufacturer, which is currently considering possible solutions to the problem.
Android.Cooee.1 is a created by the virus makers program-launcher (GUI Android OS), which in addition to the basic functions usually performed by such applications, shows abundant hype, and downloads and installs all sorts of SOFTWARE. In particular, Android.Cooee.1 is able to display ads in notification bar to display it in full screen or in a separate banner on top of running applications, to show the advertising videos and animations on the home screen of the OS.
It is Worth noting that the Trojan starts performing its malicious activities immediately after the start-up infected systems, but only after a certain period specified by the attackers. As a result, owners of infected devices can think that the cause of advertising programs that they had set at the time of use of the smartphone, and the real source of obtrusive notifications will remain undetected.
At the same time because Android.Cooee.1 actually is a system program installation downloadable them is hidden from users. The range of downloadable applications can be extremely wide: from harmless games and browsers to all sorts of Trojans, such as SMS senders, loaders and even banking Trojans that can quietly steal money from users ' accounts.
Because it comes preinstalled on the Philips s307, the Trojan is located directly in the firmware of the smartphone, reset to factory settings will not help to get rid of Android.Cooee.1. One of the possible ways to clean infected systems from malicious applications is to first obtain it root access. However, even if you manage to do it, simple removal Android.Cooee.1 with the device will disable the latter, since the program is a launcher, which is a Trojan that is responsible for the normal OS boot. For this reason, before deleting malicious applications you need to install an alternative launcher and set it up starting by default.
However, obtaining root access means the loss of official guarantee of the manufacturer, and any inept manipulation Android IOS and system files are accompanied by serious risk of getting completely outside the mobile device. Thus, for most of the victims from Android.Cooee.1 users the most secure solution would be to appeal directly to the manufacturer of an infected smart phone with a request to rectify the situation and release a firmware update in which the Trojan will already be absent.
This case clearly shows that the observance of basic safety rules, such as installing apps from trusted sources gradually becoming insufficient because attackers often introduce malware directly on the Android device that you can buy not only online but also in stores. In this regard, the specialists of "Doctor Web" suggest owners of Android-based smartphones and tablets to use a reliable antivirus which will not only prevent the intrusion of various malicious and unwanted programs in the system, but also to detect pre-installed in Android malware.