eBay has banned sales of Star N9500 smartphones after allegations of factory-installed spyware.
Germany security firm G Data reported that the Trojan spyware cannot be removed and sends personal data to a server located in China.
The spyware, which runs in the background and cannot be detected by end-users, can also install additional applications and block security updates. As a result, it can retrieve personal data, intercept calls and online banking data, read emails and text messages, and allow remote control of the camera and microphone.
The online auction site has implemented a global ban as a precautionary measure, but the handset remains on sale on Amazon, which could not be reached for comment, according to the BBC.
The Star N9500 closely resembles the popular Samsung Galaxy S4, but sells for about a third of the cost.
The Associated Press news agency has reported that although several Shenzhen-based firms use eBay and other sites to sell the Star handset, it had been unable to track down the manufacturer. It is unknown if the manufacturer is aware that the spyware is being installed as part of the production process.
In 2012, Microsoft reported that several PC makers in China had been loading malicious software onto their computers. Microsoft’s digital crimes unit stumbled across the malicious software during an investigation into Chinese manufacturers in August 2011.
This and other similar incidents have led security industry representatives to urge suppliers of hardware, software and services to beef up their supply chain security.
Read more on supply chain security
Q&A: Understanding -- and surviving -- supply-chain security issues
Security Think Tank: IP protection is as weak as the weakest link – fix the supply chain security
Expert says supply chain risk management needs to be on your radar