New Android vulnerability affects 100 million users

Another day, another reason why your Android is terribly vulnerable.

Baidu, China’s search engine (since they banned Google), offers a software development kit (SDK) that can be used to gain access through a backdoor in an Android device.

Moplus, the SDK, is already on approximately 14,000 Android apps, 4,000 of which were created by Baidu. More than 100 million people already have these apps on their phones, and are vulnerable.

The vulnerability, dubbed the Wormhole, was discovered by WooYun.org, a vulnerability reporting platform in China. However, researchers at Trend Micro have been studying the vulnerability and have come up with some interesting pieces of information:

“We found out that the Moplus SDK has backdoor functionalities that are not necessarily due or related to a vulnerability. Currently, people perceived that the issue lies in access permission control of Moplus SDK and how it should limit this access. Hence, the notion that it is vulnerability-related when in actual this SDK has backdoor routines such as pushing phishing pages, inserting arbitrary contacts, sending fake SMS, uploading local files to remote servers, and installing any applications to the Android devices without user’s authorization.”

The vulnerability is considered to be critical because it only requires attackers to connect to the internet and scan mobile network IP addresses for any that have the Moplus HTTP server ports open. At that point, they can send requests to the servers and receive sensitive information back, or even install malicious apps on a device.

Both Baidu and Google have been warned about the issues surrounding the Moplus SDK, and are removing or changing the lines of code that are the root of the problem. Both will be cleaning up the code through their next updates.

The same sort of malicious functionality was discovered in another SDK a few weeks ago that affected iOS apps.  Apple has already banned those apps from the App Store.

