A Chinese court has convicted the Chinese manufacturer of low-cost smartphones Gionee for installing malware on more than 20 million devices sold between December 2018 and October 2019.
According to the report, the company used a subsidiary, Shenzhen Zhipu Technology Co. Ltd to plant a “Trojan horse” to profit from unsolicited ads and other malicious activities without the user’s knowledge.
The smartphones were infected through a feature known as “Active Code Update.” Allows remote update of a device as soon as an update file is available on the company Server. With this method, Shenzhen Zhipu was able to bypass all the security measures implemented by the application and install the Trojan directly. As a result, a plugin called “Dark Horse” was installed without the user’s knowledge.
The Shenzhen Zhipu injected a Trojan into a software update using the application called Story Lock Screen. The Dark Horse program infected the first devices in December 2018. Actual exploitation of the Trojan continued until October 2019.
During the security breach period, Gionee made about $4.2 million, directly affecting 21.75 million mobile phones.
With the conviction, which has no appeal, four executives from Gionee’s steering committee were arrested. Xiu Li, Zhu Ying, Jia Zhengqiang, and Pan Qi were found guilty of illegal monitoring of mobile devices and sentenced to 3 to 3.5 years in prison, as well as a 200,000 yuan (about $ 30,000) fine.
