The Russian security company Dr. Web reports that it has discovered 26 different Android smartphone models infected with malware implanted in their firmware.
Most of the models on the list, which you can find at the end of the article, are sold on the Russian market and are based on the MTK platform, which is a chipset developed by MediaTek in Taiwan. The list includes phones sold by the companies Prestigio, Irbis, MegaFon and SUPRA.
The security company reports that all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that starts automatically after turning on the device.
As soon as it detects an Internet connection, the Trojan connects to a C&C (command and control) server and waits for instructions, while at the same time it downloads and installs an application called H5GameCenter. This application in turn comes with an aggressive form of adware, containing the Adware.AdBox.1.origin malware.
“Once installed, it displays a thumbnail of where the running applications are displayed. The image cannot be removed from the Android screen. It is a shortcut that opens a directory that is integrated with Adware.AdBox.1.origin. In addition, the Trojan is constantly displaying ads,” said the security company.
If users try to remove H5GameCenter from their smartphones, the Trojan automatically downloads it and installs it again without informing users.
Dr. Web also reports that it discovered a Trojan in the Lenovo A319 and Lenovo A6000. The Trojan comes as part of an application called Rambla, which provides a software directory on the affected devices.
The Trojan is identified by the company as Android.Sprovider.7 and helps attackers download APK files and install them on target smartphones. They can make phone calls, display ads, upload infected files, and open malicious links in browser programs.
“Cybercriminals are generating revenue by increasing the download statistics of each application and by distributing advertising software. As a result, Android.DownLoader.473.origin and Android.Sprovider.7 were integrated into the Android firmware, helping them make money from users,” the security company said.
If you own any of the devices in the list below, please contact the manufacturer directly for further information and support.
- MegaFon Login 4 LTE
- Irbis TZ85
- Irbis TX97
- Irbis TZ43
- Bravis NB85
- Bravis NB105
- SUPRA M72KG
- SUPRA M729G
- SUPRA V2N10
- Pixus Touch 7.85 3G
- Itell K3300
- General Satellite GS700
- Digma Plane 9.7 3G
- Nomi C07000
- Prestigio MultiPad Wize 3021 3G
- Prestigio MultiPad PMT5001 3G
- Optima 10.1 3G TT1040MG
- Marshal ME-711
- 7 MID
- Explay Imperium 8
- Perfeo 9032_3G
- Ritmix RMD-1121
- Oysters T72HM 3G
- Irbis tz70
- Irbis tz56
- Jeka JK103