The German BSI (Federal Office for Security in IT) has put out a warning for 4 Chinese made Android devices, the Doogee BL7000, the M Horse Pure 1, the Keecoo P11 and the VKworld Mix Plus.
BSI had carried out a test, buying cheap Chinese smartphones from online shops and checking them for malware. The 4 models listed were found to be infected with Andr/Xgen2-CY. The malware transfers information from the device to a C&C server and also has the ability to download additional modules, such as banking trojans.
BSI reported that the malware is too deeply anchored in the device to be effectively removed by the user.
The BSI recommends users not use the Doogee BL700 or M Horse Pure 1 devices and seek to get a refund or a non-infected device through the retailer.
The Keecoo P11 has a clean update available, V3.04 (V362HH.SHWY.HB.HJ.P3.0315.V3.04), users of these phones should perform an over the air update and get the clean version. Because the trustworthiness of future updates can’t be guaranteed, it is also recommended to look for an alternative device.
On the VKWorld Mix Plus, the malware was not activated.
The platforms that were selling the devices have temporarily removed them from their shops, after the results were communicated to them by the BSI.