Jump to content
Sign in to follow this  
Aerosol

'DeathRing' Chinese Malware Found Pre-Installed On Several Smartphones

Recommended Posts

Mobile-Malware.jpg

Malware authors are trying hard to create malicious software with more innovative ways to infect victims. A new mobile Trojan horse infection has been discovered by security researchers that comes pre-loaded onto low-cost Chinese-made Android smartphones popular in Asia and Africa.

The trojan, dubbed DeathRing, is a Chinese Trojan that masquerades as a ringtone app and comes pre-installed onto some cheap Android smartphones most popular in Asian and African countries including Vietnam, Indonesia, India, Nigeria, Taiwan, and China.

DeathRing malware app cannot be uninstalled or removed by the end user or by antimalware software because it comes pre-installed in the system directory of the handsets at an unknown point within the supply chain, making the threat even more severe.

WHAT DOES DEATHRING DO?

Though the malware pretends to be a genuine ringtone app, but actually downloads SMS and WAP content from its command-and-control server to the victim’s handset, which gives it potential to phish user’s sensitive data through fake text messages.

"DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data," the security firm LookOut wrote in a blog post. "It may also use WAP, or browser

, content to prompt victims to download further APKs - concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data."

AFFECTED SMARTPHONE HANDSETS

DeathRing malware pre-loaded on a number of entry-level phones sold by third-tier manufacturers to developing countries and according to the security firm, the handsets affected are:

  • Counterfeit Samsung GS4/Note II
  • A variety of TECNO devices
  • Gionee Gpad G1
  • Gionee GN708W
  • Gionee GN800
  • Polytron Rocket S2350
  • Hi-Tech Amaze Tab
  • Karbonn TA-FONE A34/A37
  • Jiayu G4S – Galaxy S4 clones,
  • Haier H7
  • a i9502+ Samsung clone by an unspecified manufacturer

However, DeathRing is not the first pre-installed mobile malware spotted by the firm. Earlier this year, LookOut discovered another pre-loaded piece of malware called Mouabad on devices sold by retailers in China, India, and the Philippines. Similar to DeathRing, Mouabad is also somewhere pre-loaded in the supply chain and affected predominantly Asian countries.

Source

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...