Supply chain corrupted, malware can install other threats

Dec 5, 2014 09:44 GMT

Some low-end smartphones and tablets sold in countries in Asia and Africa have been found to come laden with a Trojan of Chinese origin that becomes active only under certain conditions.

The malware has been dubbed DeathRing and it poses as a ringtone app embedded in the system folder of the device, making it impossible to remove. This indicates that the supply chain has been corrupted at some point.

Malware can download additional threats

Mobile security company Lookout says that DeathRing is present on some products provided by third-tier manufacturers, the most affected countries being Vietnam, Indonesia, India, Nigeria, Taiwan, and China.

Infections have been spotted in other countries too, Kenya, Tanzania and Uganda being among them.

The capabilities of the Trojan include downloading short text messages and WAP content from its command and control server. This is done to trick victims into disclosing personal information that can be used for subsequent malicious activities.

It can also download additional APKs, which would increase the malware controller’s access to the information stored on the device.

Researchers say that DeathRing does not activate right away and that it starts working only after five device reboots or “after the victim has been away and present at the device at least fifty times.”

Samsung clones have been laced with malware

A list of affected devices is provided by Lookout, and it includes both low-end entries and clones of products from reputable manufacturers such as Samsung (Galaxy S4, Note II).

Other devices identified by Lookout are TECNO phones, Gionee Gpad G1/GN708W/GN800, Polytron Rocket S2350, Hi-Tech Amaze Tab, Karbonn TA-FONE A34/A37, Jiayu G4S, and Haier H7.

According to the company, the detection is moderate at the moment, but this does not make it any less of a serious threat considering that the malware is embedded and that cheaper products are more widespread.

This is not the first time malware has been found to be embedded in mobile phones. In April, the same company identified Mouabad, which was delivered in a similar manner and mostly affected countries in Asia.

In June, G Data reported spyware built into N9500 Android devices from Chinese manufacturer Star.

Vigilance and installing an anti-malware mobile solution seem to be the only weapons against falling victim to this kind of threat. Apart from a security solution, Lookout recommends verifying the origin of the purchased device and checking the phone bill for suspicious charges on a regular basis.

DeathRing images:

Some Tecno devices come with built-in malware
Polytron Rocket S2350 is among the affected devices
DeathRing malware is present on Hi-Tech Amaze Tab too