The Russian security company Dr. Web, reports that 26 has discovered different Android smartphones infected with malware implanted in their firmware.
Most of the models included in the catalog, which you can find at the end of the article, are sold in the Russian market and are based on platform MTK, which is a chipset developed by the MediaTek company in Taiwan. The list includes phones sold by the companies Prestigio, Irbis, MegaFon and SUPRA.
Η εταιρεία ασφαλείας αναφέρει ότι όλα αυτά τα μοντέλα αποστέλλονται με ένα Trojan που ονομάζεται Android.DownLoader.473.origin, το οποίο είναι ένας downloader που ξεκινά αυτόματα αμέσως μετά την ενεργοποίηση της devices.
Once it detects an Internet connection, the Trojan connects to a C&C server (administration and control) and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. This application in turn comes in an aggressive form of adware, which contains Adware.AdBox.1.origin malware.
“Once installed, it displays a small icon where the applications which are performed. The image cannot be removed from the Android screen. It is a shortcut that opens a directory integrated with Adware.AdBox.1.origin. In addition, the Trojan constantly displays advertisements”, said the security company.
If users try to remove H5GameCenter from their smartphones, the Trojan automatically downloads it and installs it again without informing users.
Dr. The Web also reports that it also discovered a Trojan in Lenovo A319 and Lenovo A6000. The Trojan comes as part of an application called Rambla which develops a software directory on the affected devices.
The Trojan is identified by the company as Android.Sprovider.7 and helps attackers download APK files and install them on target smartphones. They can make phone calls, display ads, upload infected files, and open malicious links toletterbrowsing.
“Cybercriminals are generating revenue by increasing the download statistics of each application and by distributing advertising software. As a result, Android.DownLoader.473.origin and Android.Sprovider.7 were integrated into the Android firmware, helping them make money from users, ”the security company said.
If you have any of the devices listed below, please contact the manufacturer directly for further support.
- MegaFon Login 4 LTE
- Irbis TZ85
- Irbis TX97
- Irbis TZ43
- Bravis NB85
- Bravis NB105
- SUPRA M72KG
- SUPRA M729G
- SUPRA V2N10
- Pixus Touch 7.85 3G
- Itell K3300
- General Satellite GS700
- Digma Plane 9.7 3G
- Nomi C07000
- Prestigio MultiPad Wize 3021 3G
- Prestigio MultiPad PMT5001 3G
- Optima 10.1 3G TT1040MG
- Marshal ME-711
- 7 MID
- Explay Imperium 8
- Perfeo 9032_3G
- Ritmix RMD-1121
- Oysters T72HM 3G
- Irbis tz70
- Irbis tz56
- Jeka JK103