ADUPS, the Chinese Android firmware maker company that has been blacklisted by Google, has found to be compromising devices by Barnes and Noble. The same Android malware was initially spotted on some smartphone models by BLU.
By compromising the sensitive user data, ADUPS has the capabilities to transmit private information to some Chinese servers. The data theft is well documented by Kryptowire. According to the published report, ADUPS agent is capable of transmitting SMS, call logs, contacts, IMEI number, command injection, remote user application installs and updates, performing firmware updates, remote execution and privilege escalation.
Among all the infected devices, the latest tablet device from Barnes and Noble called BNTV450 is appeared to have a certain presence of the ADUPS agent.
The Department of Homeland Security in the US issued a notice to ADUPS for spreading malware. Google also blacklisted the ADUPS apk agent in Android Compatibility Test Suite (CTS).
New York City-based Barnes and Noble is likely to release a patch to fix the vulnerability issue on its devices. Meanwhile, users are recommended to use only authenticated services to store their data such as call logs, contacts and messages.