The Russian security company Dr. Web, reports that 26 has discovered different Android smartphones infected with malware implanted in their firmware.
Most of the models included in the catalog, which you can find at the end of the article, are sold in the Russian market and are based on the MTK platform, which is a chipset developed by the MediaTek company in Taiwan. The list includes phones sold by the companies Prestigio, Irbis, MegaFon and SUPRA.
The security company reports that all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that starts automatically after turning on the device.
Once it detects an Internet connection, the Trojan connects to a C&C server (administration and control) and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. This application in turn comes in an aggressive form of adware, which contains Adware.AdBox.1.origin malware.
"Once installed, it displays a small icon where the applications which are performed. The image cannot be removed from the Android screen. It is a shortcut that opens a directory integrated with Adware.AdBox.1.origin. In addition, the Trojan constantly displays ads", said the security company.
If users try to remove H5GameCenter from their smartphones, the Trojan automatically downloads it and installs it again without informing users.
Dr. The Web also reports that it also discovered a Trojan in Lenovo A319 and Lenovo A6000. The Trojan comes as part of an application called Rambla which develops a software directory on the affected devices.
The Trojan is identified by the company as Android.Sprovider.7 and helps attackers to download archives APK and install them on target smartphones. They can make phone calls, display ads, upload infected files, and open malicious links to programs tours.
"Cybercriminals generate their income by increasing each app's download statistics and also by distributing adware. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were integrated into Android firmware, helping them to make money off users," the security firm said.
If you have any of the devices listed below, please contact the manufacturer directly for further support.
- MegaFon Login 4 LTE
- Irbis TZ85
- Irbis TX97
- Irbis TZ43
- Bravis NB85
- Bravis NB105
- SUPRA M72KG
- SUPRA M729G
- SUPRA V2N10
- Pixus Touch 7.85 3G
- Itell K3300
- General Satellite GS700
- Digma Plane 9.7 3G
- Nomi C07000
- Prestigio MultiPad Wize 3021 3G
- Prestigio MultiPad PMT5001 3G
- Optima 10.1 3G TT1040MG
- Marshal ME-711
- 7 MID
- Explay Imperium 8
- Perfeo 9032_3G
- Ritmix RMD-1121
- Oysters T72HM 3G
- Irbis tz70
- Irbis tz56
- Jeka JK103