Thinking of buying a cloned Android smartphone of a flagship Samsung device? Well, you might get a free inbuilt Chinese malware with it. Yes, a new malware called ‘DeathRing’ has been detected by a security firm Lookout, which comes pre-loaded in various low-cost Android smartphones available in Asia and Africa.
The worst part is that this malware is non-removable as it is inherent within a phone’s system directory, making the threat even more severe. The security team and the phone manufacturers are still clueless about where exactly this ‘DeathRing’ Malware was being pre-loaded in the supply chain. This makes DeathRing a matter of grave concern.
According to Lookout, DeathRing resides within various low-cost smartphones by posing or masquerading as a genuine ringtone app, but in reality tricks users to download SMS and WAP malware-infested content from the Malware’s controlling server to the victim’s handset, which gives it easy access sensitive data of the User.
Excerpt from Lookout Blog post:
“DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data, It may also use WAP, or browser, content to prompt victims to download further APKs – concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.”
This means that the malware is capable of downloading malicious SMS text and web content that can be used by cybercriminals to launch varied attacks such as phishing attacks, which leads to exposure of confidential user data that is stored within infected smartphones.
This Chinese Malware is inherent in various smartphones across Asian and African countries like India, Taiwan, Vietnam, Indonesia, and Nigeria. Here’s the list of smartphones that have been infected:
- Cloned Samsung Galaxy S4/Note II
- A variety of TECNO devices
- Gionee Gpad G1
- Gionee GN708W
- Gionee GN800
- Polytron Rocket S2350
- Hi-Tech Amaze Tab
- Karbonn TA-FONE A34/A37
- Jiayu G4S – Galaxy S4 clone
- Haier H7
- a i9502+ Samsung clone
While lookout was able to trace this malware in the above entry-level smartphones, it is believed that it could also be present in more devices in other parts of the world as well. This indicates that the DeathRing malware is a sort of slow poison and could spread in major technology hubs of the world such as the US and Europe.
Personally I feel, people who opt for cheap smartphones would obviously not do any major bank or credit card transaction on it, However, People who are on holiday season in Asia and who want to opt for low-cost Smartphones just for the time being are most vulnerable to this malware. So if you are one of those, choose your smartphone wisely.