DeathRing: Cheapo Androids pre-pwned with mobile malware

Ringtone app's crap, dangerous and impossible to remove


A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain.

DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian and African countries (Vietnam, Indonesia, India, Nigeria, Taiwan, and China).

"The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone," a blog post by Lookout explain. "It can then use this content for malicious means.

"For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs - concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data."

DeathRing is loaded in the system directory of a number of devices, mostly from third-tier manufacturers selling phones to the developing world. These include counterfeit Samsung GS4/Note II, devices from Gionee and Hi-Tech Amaze Tab, among several others. Detection volumes of the mobile malware, reckoned to have been created in China, are "moderate".

Lookout says DeathRing is the second significant example of pre-installed mobile malware it has found on phones during 2014. Mouabad is also pre-installed somewhere in the supply chain and affected predominantly Asian countries, though Lookout did see some detections in Spain. The mobile security firm says the tactic of pre-installing nasties signals a shift in cybercriminal strategy towards distributing mobile malware via the supply chain.

"This is a concerning development for OEMs and retailers alike - the potential for phones to be compromised in the supply chain would have a significant impact on customer loyalty and trust in the brand," Lookout wrote. ®


Tech Resources

What WAF is right for you

Applications are architected in many ways, but all need protection from threats. Learn the most important things to consider when choosing a WAF.

Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

Biting the hand that feeds IT © 1998–2021