While Vodaphone is calling this “an isolated incident”, they have apparently sold a phone that came pre-loaded with malware that would send personal information back to the malware creator when it was connected to a computer. It was infected with the Mariposa bot client, and also with the Confiker and Lineage password stealing viruses.
“The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.
A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by spanish hacker group “DDP Team”, is run by some guy named “tnls” as the botnet-control mechanism shows…”
You must take this article with a grain of salt though, because the source of the article was a Panda Security employee and it was first posted on a Panda Security Research Blog.
Vodaphone released the following statement:
“Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident
Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident
Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.”
Source: Phandroid (Thanks for the tip Mordy)
© 2010, mindfrost82. All rights reserved.
Very interesting, it looks like the issue was with a microsd card. Likely the phone or SD card was used.
Often times retailers will resell phones that only left the store for a day or two and came back inside the return policy. A factory reset does not wipe the SD card. My money is on a slightly used phone combined with a wipe that wasn’t thorough.
I also love how the writer at panda said the malware was “probably (going) to steal all of the user’s credentials and send them to the malware writer.”
[...] 1 votes vote HTC Magic Packed With Malware? While Vodaphone is calling this "an isolated incident", they have apparently sold a phone that [...]
I agree with Banden. I’ve seen a few instances where a usb flash drive has been infected with an autorun.inf to launch an exe.
I believe there’s a good chance that the Device had been plugged into an infected PC before it began infecting others. If the PC is still infected, it will continue to infect any USB drive plugged in.
Might have been something related to this?
Researchers build 8,000-strong smartphone botnet
http://blogs.zdnet.com/security/?p=5607
“Looking to raise awareness about the security implications of third-party apps in smartphones, a pair of security researchers used the lure of an innocuous weather application to commandeer about 8,000 iPhones and Android devices in a mobile botnet.”