BLU Studio X8 has Self-installing Malware in its Firmware

James Lockmuller, a Network manager who bought 11 BLU Studio X8 phones via Amazon. This was an effort to communicate better with his employees spread out across a 73,000 square-foot campus. The only application installed in the OS of the phones was Skype, and with that, things went awry.

“After 14 days of acting normal, an app called Setting installed itself mysteriously on the handsets, giving itself full permissions over the phones,” Lockmuller said. “The phone started popping up installers and displaying ads for other apps. I uninstalled Setting and everything else I could. But the apps kept reinstalling themselves.”

This, ladies and gentlemen, is a virus that spreads malware and other sorts of adware. The obvious assumption would be that Lockmuller installed the virus program by mistake? The answer to that is “No”.

“These phones only had one app installed. Skype, directly from the Google Play app store. After installing Skype, I disabled the app store completely as well as the browser. This is not an issue that rode along with a bad app or from browsing the internet” said Lockmuller.

The phone manufacturers got contacted by Threatpost and they responded to James’ claims with this statement. “We believe this to be a customer error in which the end user must have downloaded an app with ads or clicked on a website ad that must have caused spam ads to appear. Whether the customer did or did not update his device, a Studio X8 HD would never exhibit this type of behavior.”

According to the CEO of the company, Samuel Ohev-Zion. The incident that happened across 11 different phones was caused due to negligence and unsafe browsing. However, one look at the Amazon page of the product shows evidence of the contrary. This has been happening to multiple users in different circumstances.

So, what is happening here? Well, according to the mobile research firm Lookout. the culprit behind the mysterious app installs and bombardment of ads was the firmware BLU used, China-based Adups Technology. This firmware was found previously to be syphoning the user data of BLU consumers.

Lookout concluded the BLU Studio X8 HD phones running the adware was running used Adups firmware build 13. That firmware was also running on all of Lockmuller’s phones and two of the Lookout phones. After the forensic research, Lookout came to the conclusion that this wasn’t a user-end problem. The point of infection was via a malicious ad component downloaded silently via Adups’ advertising backend platform.

The virus in question is a hybrid between Shedun and Ztorg Malware, an auto-root Android malware.  This malware is so dangerous; it literally is over for the user once its installed. “Once you get the initial infection on the phone, all bets are off. The malware just keeps installing more ad components, more apps and everything overlays everything else and the phone runs out of space and it just becomes totally unusable.” Said Andrew Blaich, a researcher at Lookout.