As per the report published in The New York Times, it is explored by Department of Homeland Security in the US. They have even issued a CERT advisory about the vulnerability. 
Users who have installed certain software from Shanghai Adups Technology, has become backdoor on certain Android devices. Due to this over 3 Million Android devices are vulnerable to Man in the Middle attack. In other words, hackers can even fully control your devices.
User’s calls, messages and other information is vulnerable. The attack hits at root level and sends device information and more to a server in China, and to two domain names that were hard-wired into the affected handset’s firmware. Until now, 2.8 million devices are affected from this vulnerability.
Department of Homeland Security has flagged Huawei, BLU and ZTE devices as prone to the vulnerability. Here’s a list of devices which have got warning regarding the threat:
- BLU Studio G
- BLU Studio G Plus
- BLU Studio 6.0 HD
- BLU Studio X
- BLU Studio X Plus
- BLU Studio C HD
- Infinix Hot X507
- Infinix Hot 2 X510
- Infinix Zero X506
- Infinix Zero 2 X509
- DOOGEE Voyager 2 DG310
- LEAGOO Lead 5
- LEAGOO Lead 6
- LEAGOO Lead 3i
- LEAGOO Lead 2S
- LEAGOO Alfa 6
- IKU Colorful K45i
- Beeline Pro 2
- XOLO Cube 5.0
You can read more about he issue over CERT.
