Accessibility Statement Skip Navigation
  • Resources
  • Blog
  • Journalists
  • +44 (0)20 7454 5110
  • Client Login
  • Send a Release
Return to PR Newswire homepage
  • News
  • Products
  • Contact
When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All Public Company News
      • All Multimedia News
      • View All News Releases

      • Regulatory News

      • D/A/CH Regulatory News
      • UK Regulatory News
      • View All Regulatory News

  • Business & Money
      • Auto & Transportation

      • Aerospace & Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads & Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking & Road Transportation
      • View All Auto & Transportation

      • Business Technology

      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • View All Business Technology

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film & Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Financial Services & Investing

      • Accounting News & Issues
      • Acquisitions, Mergers & Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalisation
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • View All Financial Services & Investing

      • General Business

      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls & Research
      • Trade Show News
      • View All General Business

  • Science & Tech
      • Consumer Technology

      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • View All Consumer Technology

      • Energy & Natural Resources

      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil & Gas Discoveries
      • Utilities
      • Water Utilities
      • View All Energy & Natural Resources

      • Environ­ment

      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • Aerospace & Defence
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation & Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking & Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • Carriers & Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • Animals & Pets
      • Beers, Wines & Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics & Personal Care
      • Fashion
      • Food & Beverages
      • Furniture & Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewellery
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film & Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Health

      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • View All Health

      • Sports

      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • View All Sports

      • Travel

      • Amusement Parks & Tourist Attractions
      • Gambling & Casinos
      • Hotels & Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • Animal Welfare
      • Corporate Social Responsibility
      • Economic News, Trends & Analysis
      • Education
      • Environmental
      • European Government
      • Labour & Union
      • Natural Disasters
      • Not For Profit
      • Public Safety
      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • View All People & Culture

  • Overview
  • Distribution
  • Paid Placement
  • Multimedia
  • Disclosure Services
  • SocialBoost
  • Rooms
    • MediaRoom
    • ESG Rooms
  • AI Tools
  • General Enquiries
  • Media Enquiries
  • Partnerships
  • Hamburger menu
  • Cision PR Newswire UK provides press release distribution, targeting, monitoring, and marketing services
  • Send a Release
    • Phone

    • +44 (0)20 7454 5110 from 8 AM - 5:30 PM GMT

    • ALL CONTACT INFO
    • Contact Us

      +44 (0)20 7454 5110
      from 8 AM - 5:30 PM GMT

  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • News in Focus
    • Browse News Releases
    • Regulatory News
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
    • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • Overview
  • Distribution
  • Paid Placement
  • Multimedia
  • Disclosure Services
  • Cision Communications Cloud®
  • AI Tools
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists
  • General Enquiries
  • Media Enquiries
  • Partnerships
  • Client Login
  • Send a Release
  • Resources
  • Blog
  • Journalists

Palo Alto Networks Uncovers Backdoor In Android Devices Sold by Coolpad

This image opens in the lightbox

News provided by

Palo Alto Networks

17 Dec, 2014, 16:56 GMT

Share this article

Share toX

Share this article

Share toX

-- "CoolReaper" potentially affects 24 Android phone models and over 10 million users

SANTA CLARA, California, Dec. 17, 2014 /PRNewswire/ -- Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today revealed details of a backdoor contained in millions of Android-based mobile devices sold by Coolpad, one of the world's largest smartphone manufacturers based in China. The backdoor, named "CoolReaper," exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.

Logo - http://photos.prnewswire.com/prnh/20130508/SF04701LOGO

It is common for device manufacturers to install software on top of Google's Android mobile operating system to provide additional functionality and customization to Android devices, and some mobile carriers install applications that gather data on device performance. Following detailed analysis by Unit 42, the Palo Alto Networks threat intelligence team, CoolReaper appears to operate well beyond the collection of basic usage data, acting as a true backdoor into Coolpad devices. Coolpad also appears to have modified a version of the Android OS to make it much more difficult for antivirus programs to detect the backdoor.

CoolReaper, which was discovered by Palo Alto Networks researcher Claud Xiao, has been identified on 24 phone models sold by Coolpad, meaning a potential impact to over 10 million users based on publicly-obtainable Coolpad sales information.

QUOTE:

  • "We expect Android manufacturers to pre-install software onto devices that provide features and keep their applications up to date. But the CoolReaper backdoor detailed in this report goes well beyond what users might expect, giving Coolpad complete control over the affected devices, hiding the software from antivirus programs, and leaving users unprotected from malicious attackers. We urge the millions of Coolpad users who may be impacted by CoolReaper to inspect their devices for presence of the backdoor and to take measures to protect their data."
    – Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks

Background and effects of CoolReaper
The full findings related to CoolReaper were published today in "CoolReaper: The Coolpad Backdoor," a new report from Unit 42 written by Claud Xiao and Ryan Olson. In the report, Palo Alto Networks has also published a list of files to check for in Coolpad devices that may indicate the presence of the CoolReaper backdoor.

As observed by researchers, CoolReaper can perform each of the following tasks, any of which might put sensitive user or corporate data at risk. In addition, malicious attackers could exploit a vulnerability found in CoolReaper's back-end control system.

CoolReaper can:

  • Download, install, or activate any Android application without user consent or notification.
  • Clear user data, uninstall existing applications, or disable system applications.
  • Notify users of a fake over-the-air (OTA) update that doesn't update the device, but installs unwanted applications.
  • Send or insert arbitrary SMS or MMS messages into the phone.
  • Dial arbitrary phone numbers.
  • Upload information about the device, its location, application usage, calling and SMS history to a Coolpad server.

Coolpad acknowledgment
Unit 42 began observing what came to be known as CoolReaper following numerous complaints from Coolpad customers in China posted to Internet message boards. In November, a researcher working with Wooyun.org identified a vulnerability in the back-end control system for CoolReaper, which made clear how Coolpad itself controls the backdoor in the software. In addition, a Chinese news site, Aqniu.com, reported some details of the backdoor's existence and its abuses in an article published November 20, 2014.

As of December 17, 2014, Coolpad did not respond to multiple requests for assistance by Palo Alto Networks. Google's Android Security Team also has been provided with the data contained in the report.

Protecting users
All known samples of CoolReaper have been marked as malicious in WildFire™, a key component of the Palo Alto Networks Threat Intelligence Cloud that helps identify threats from applications by executing them in a virtual environment, and automatically sharing them with Palo Alto Networks GlobalProtect to identify affected devices.

In addition, all known Command & Control URLs used by CoolReaper are identified as malicious in Palo Alto Networks Threat Prevention products, allowing customers to prevent data exfiltration, even if the Command & Control servers or URLs change.

Palo Alto Networks has also made signatures available to detect and block malicious CoolReaper Command & Control traffic, which are effective even if the Command & Control server changes to a new location.

The CoolReaper findings further reinforce the need for comprehensive mobile security using a combination of traffic inspection along with threat intelligence for both the detection and prevention of dangerous applications. GlobalProtect from Palo Alto Networks provides organizations with protection against advanced cyber threats, including the ability to continuously analyze mobile content for covert or malicious activity.

To learn more

  • Download CoolReaper: The Coolpad Backdoor: https://www.paloaltonetworks.com/resources/research/cool-reaper.html
  • Visit the Unit 42 Research Center for new research, updates and confirmed speaking appearances: https://www.paloaltonetworks.com/threat-research.html
  • Subscribe to regular research and analysis from the Unit 42 blog: http://researchcenter.paloaltonetworks.com/unit42/
  • Learn more about Palo Alto Networks enterprise security platform and how it provides protections for CoolReaper: https://www.paloaltonetworks.com/products/platforms.html
  • Meet Unit 42 team leads at Ignite 2015, where your toughest security challenges get solved. Register now to join Palo Alto Networks in Las Vegas, March 30-April 1, 2015.

About Unit 42
Unit 42, the Palo Alto Networks threat intelligence team, is made up of accomplished cybersecurity researchers and industry experts. Unit 42 gathers, researches and analyzes up-to-the-minute threat intelligence, sharing insights with Palo Alto Networks customers, partners and the broader community to better protect organizations. Unit 42 team leads regularly appear at industry conferences throughout the world.

About Palo Alto Networks
Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today's dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Related Links

http://www.paloaltonetworks.com

Modal title

Contact PR Newswire

  • +44 (0)20 7454 5110
    from 8 AM - 5:30 PM GMT
  • General Enquiries
  • Media Enquiries
  • Partnerships

Products

  • Content Distribution
  • Multimedia Services
  • Disclosure Services
  • Cision Communications Cloud®

About

  • About PR Newswire
  • About Cision
  • Partnering Opportunities
  • Careers
  • APAC
  • APAC - Simplified Chinese
  • APAC - Traditional Chinese
  • Brazil
  • Canada
  • Czech
  • Denmark
  • Finland
  • France
  • Germany
  • India
  • Indonesia
  • Israel
  • Japan
  • Korea
  • Mexico
  • Middle East
  • Middle East - Arabic
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Russia
  • Slovakia
  • Spain
  • Sweden
  • United States
  • Vietnam

My Services

  • All News Releases
  • Customer Portal
  • Resources
  • Blog
  • Journalists
  • Data Privacy

Do not sell or share my personal information:

  • Submit via Privacy@cision.com 
  • Call Privacy toll-free: 877-297-8921

Contact PR Newswire

Products

About

My Services
  • All News Releases
  • Customer Portal
  • Resources
  • Blog
  • Journalists
+44 (0)20 7454 5110
from 8 AM - 5:30 PM GMT
  • Terms of Use
  • Privacy Policy
  • Information Security Policy
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2025 PR Newswire Europe Limited. All Rights Reserved. A Cision company.