A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain.
DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian and African countries (Vietnam, Indonesia, India, Nigeria, Taiwan, and China).
"The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone," a blog post by Lookout explain. "It can then use this content for malicious means.
"For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs - concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data."
DeathRing is loaded in the system directory of a number of devices, mostly from third-tier manufacturers selling phones to the developing world. These include counterfeit Samsung GS4/Note II, devices from Gionee and Hi-Tech Amaze Tab, among several others. Detection volumes of the mobile malware, reckoned to have been created in China, are "moderate".
Lookout says DeathRing is the second significant example of pre-installed mobile malware it has found on phones during 2014. Mouabad was also pre-installed somewhere in the supply chain and affected predominantly Asian countries, though Lookout did see some detections in Spain. The mobile security firm says the tactic of pre-installing nasties signals a shift in cybercriminal strategy towards distributing mobile malware via the supply chain.
"This is a concerning development for OEMs and retailers alike - the potential for phones to be compromised in the supply chain would have a significant impact on customer loyalty and trust in the brand," Lookout wrote. ®