“The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone. It can then use this content for malicious means.
For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs — concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.
The malware is activated in two ways — both dependent on the victim’s use of the phone. First, the malware will activate if the phone is powered down and rebooted five times. On the fifth reboot, the malware starts. Second, the malicious service will start after the victim has been away and present at the device at least fifty times.”
At this time, it’s unknown where along the supply chain the malware is loaded onto the phone.
I’d also encourage our readers to take this news with a grain of salt. Though these are some of the models found to have the software, it doesn’t mean that all copies have it. It could be only a very select few copies routed through an unscrupulous middle man or shop.
Malware dubbed 'DeathRing' has recently been found pre-installed in several China brands. At a thread on Chinaphonearena, some users are discussing this situation.
The models found to be affected so far are:
Counterfeit Samsung GS4/Note II
Various TECNO devices
Gionee Gpad G1
Gionee GN708W
Gionee GN800
Polytron Rocket S2350
Hi-Tech Amaze Tab
Karbonn TA-FONE A34/A37
Jiayu G4S - Galaxy...
Malware dubbed "DeathRing" has recently been found pre-installed in several China brands. <a href="http://www.chinaphonearena.com/forum/Thread-Android-smartphones-preloaded-with-malware" target="_blank">At a thread on Chinaphonearena, some users are discussing this situation.</a><span id="more-6137"></span>
<span style="text-decoration: underline;"><strong>The models found to be affected so far are:</strong></span>
<ul class="badandroid">
<li>Counterfeit Samsung GS4/Note II</li>
<li>Various TECNO devices</li>
<li>Gionee Gpad G1</li>
<li>Gionee GN708W</li>
<li>Gionee GN800</li>
<li>Polytron Rocket S2350</li>
<li>Hi-Tech Amaze Tab</li>
<li>Karbonn TA-FONE A34/A37</li>
<li>Jiayu G4S - Galaxy S4 Clone</li>
<li>Haier H7</li>
<li>No manufacturer specified i9502+ Samsung Clone</li>
</ul>
According to Lookout security:
<p style="padding-left: 30px;">"The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone. It can then use this content for malicious means.</p>
<p style="padding-left: 30px;">For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs — concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.</p>
<p style="padding-left: 30px;">The malware is activated in two ways — both dependent on the victim’s use of the phone. First, the malware will activate if the phone is powered down and rebooted five times. On the fifth reboot, the malware starts. Second, the malicious service will start after the victim has been away and present at the device at least fifty times."</p>
At this time, it's unknown where along the supply chain the malware is loaded onto the phone.
I'd also encourage our readers to take this news with a grain of salt. Though these are some of the models found to have the software, it doesn't mean that all copies have it. It could be only a very select few copies routed through an unscrupulous middle man or shop.
Damian Parsonshttps://plus.google.com/107879368390224447304admin@gizbeat.comAdministratorHi, I'm Damian Parsons. I've been working with Android phones since the first Droid came out. I'm fascinated by computers and technology. My first BBS were ran on an old Apple IIc and Commodore 64. I work hard to bring the latest updates to you every day - without all the boring fluff. Please subscribe to keep up on the newest China tech.
See our forum -> www.chinaphonearena.comGizBeat
hammerman -December 12th, 2014 at 1:32 amnone
Comment author #30772 on Phishing Malware Found on Several China Brand Phones by GizBeat
Yikes….Good thing I root, install custom recovery and wipe the image then put a custom rom on it. Leaving only the hardware as original.
hammermanPublic CommentUserYikes....Good thing I root, install custom recovery and wipe the image then put a custom rom on it. Leaving only the hardware as original.
Yikes….Good thing I root, install custom recovery and wipe the image then put a custom rom on it. Leaving only the hardware as original.
hammermanPublic CommentUserYikes....Good thing I root, install custom recovery and wipe the image then put a custom rom on it. Leaving only the hardware as original.u can’t install custom rom for every phone :/
Fares GamalPublic CommentUseru can't install custom rom for every phone :/