December 7, 2014

Some Android Phones Come Pre-Loaded With Malware

It is not uncommon for Android smartphones to get infected with some type of malware at some point. What is quite uncommon, however, is malware that comes pre-loaded on a brand new device, out of the box.

Lookout, a mobile security company, recently identified malware that there is no way to avoid, except by purchasing a different phone. The malware, named DeathRing, is a Chinese Trojan that pretends to be a ringtone app. It is found on low-end Android phones around the globe, but mainly in some African and Asian countries (including Nigeria, Vietnam, Indonesia, India, Taiwan, and China).

The DeathRing malware can serve phishing messages and download content over the internet to the victim’s phone, among other things. The second capability is the more concerning one, since it can be used to download more malware onto the device, which greatly extends its damage potential. The malware is activated either by restarting the phone 5 times or by going in and out of stand-by mode (turning off the screen) 50 times.

Victims are also out of luck if they think that installing antivirus apps will remove it. Since the malware is pre-loaded within the device’s ROM/firmware, it cannot be removed, at least not until the smartphone is rooted, which is certainly something not many users feel comfortable doing (there is a chance your device might get “bricked”). There are a few things customers can do to stay safe:

  • Make sure you know where your device comes from (read reviews prior to buying, and make sure the manufacturer is known and at least somewhat reputable)
  • Install antivirus software: it might not be able to remove the malware, but it can detect it. You can then return the device
  • Check your phone bill for extra charges

The good news is that most, if not all, of the affected devices are not well known in North America or Europe. They include:

  • Counterfeit Samsung GS4/Note II
  • Various TECNO devices
  • Gionee Gpad G1
  • Gionee GN708W
  • Gionee GN800
  • Polytron Rocket S2350
  • Hi-Tech Amaze Tab
  • Karbonn TA-FONE A34/A37
  • Jiayu G4S – Galaxy S4 Clone
  • Haier H7
  • No manufacturer specified i9502+ Samsung Clone


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
