Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

DeathRing: Cheapo Androids pre-pwned with mobile malware

Ringtone app's crap, dangerous and impossible to remove

A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain.

DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian and African countries (Vietnam, Indonesia, India, Nigeria, Taiwan, and China).

"The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone," a blog post by Lookout explain. "It can then use this content for malicious means.

"For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs - concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data."

DeathRing is loaded in the system directory of a number of devices, mostly from third-tier manufacturers selling phones to the developing world. These include counterfeit Samsung GS4/Note II, devices from Gionee and Hi-Tech Amaze Tab, among several others. Detection volumes of the mobile malware, reckoned to have been created in China, are "moderate".

Lookout says DeathRing is the second significant example of pre-installed mobile malware it has found on phones during 2014. Mouabad is also pre-installed somewhere in the supply chain and affected predominantly Asian countries, though Lookout did see some detections in Spain. The mobile security firm says the tactic of pre-installing nasties signals a shift in cybercriminal strategy towards distributing mobile malware via the supply chain.

"This is a concerning development for OEMs and retailers alike - the potential for phones to be compromised in the supply chain would have a significant impact on customer loyalty and trust in the brand," Lookout wrote. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like