HackDig : Dig high-quality web security articles for hacker

Chinese Trojan Comes Pre-Installed on Devices in Asia and Africa

2014-12-05 18:15

Supply chain corrupted, malware can install other threats

  Some Tecno devices come with built-in malware
Some low-end smartphones and tablets sold in countries in Asia and Africa have been found to come laden with a Trojan of Chinese origin that becomes active only under certain conditions.
5 photosVIEW ALL 

Some low-end smartphones and tablets sold in countries in Asia and Africa have been found to come laden with a Trojan of Chinese origin that becomes active only under certain conditions.

The malware has been dubbed DeathRing and it poses as a ringtone app embedded in the system folder of the device, making it impossible to remove. This indicates that the supply chain has been corrupted at some point.

Malware can download additional threats

Mobile security company Lookout says that DeathRing is present on some products provided by third-tier manufacturers, the most affected countries being Vietnam, Indonesia, India, Nigeria, Taiwan, and China.

Infections have been spotted in other countries too, Kenya, Tanzania and Uganda being among them.

The capabilities of the Trojan include downloading short text messages and WAP content from its command and control server. This is done to trick victims into disclosing personal information that can be used for subsequent malicious activities.

It can also download additional APKs, which would increase the malware controller’s access to the information stored on the device.

Researchers say that DeathRing does not activate right away and that it starts working only after five device reboots or “after the victim has been away and present at the device at least fifty times.”

Samsung clones have been laced with malware

A list of affected devices is provided by Lookout, and it includes both low-end entries and clones of products from reputable manufacturers such as Samsung (Galaxy S4, Note II).

Other titles identified by Lookout are TECNO phones, Gionee Gpad G1/GN708W/GN800, Polytron Rocket S2350, Hi-Tech Amaze Tab, Karbonn TA-FONE A34/A37, Jiayu G4S, and Haier H7.

According to the company, the detection is moderate at the moment, but this does not make it any less of a serious threat considering that the malware is embedded and that cheaper products are more widespread.

This is not the first time malware has been found to be embedded in mobile phones. In April, the same company identified Mouabad, which was delivered in a similar manner and mostly affected countries in Asia.

In June, G Data reported spyware built into N9500 Android devices from Chinese manufacturer Star.

Vigilance and installing an anti-malware mobile solution seem to be the only weapons against falling victim to this kind of threat. Apart from a security solution, Lookout recommends verifying the origin of the purchased device and checking the phone bill for suspicious charges on a regular basis.


Source: WY0NnbJ1SZyBVLzVWbvNULuFmavJHVtU2cl5WaoN0LzdXZu9SbvNmLhlGZlBHdm92cuM3dl52LvoDc0RHa/ca.ssr.dps

Read:1587 | Comments:0 | Tags:Security

“Chinese Trojan Comes Pre-Installed on Devices in Asia and Africa”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud