The Russian security company Dr. Web reports that it has discovered 26 different Android smartphones infected with malware implanted in their firmware.
Most of the models on the list, which you can find at the end of the article, are sold on the Russian market and are based on the MTK platform, which is a chipset developed by MediaTek in Taiwan. The list includes phones sold by the companies Prestigio, Irbis, MegaFon and SUPRA.
The security company reports that all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that starts automatically after turning on the device.
Once it detects an Internet connection, the Trojan connects to a C&C (command and control) server and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. This application is in turn an aggressive form of adware, which contains the Adware.AdBox.1.origin malware.
“Once installed, it displays a small icon where running apps are displayed. The image cannot be removed from the screen of Android. It is a shortcut that opens a directory integrated with Adware.AdBox.1.origin. In addition, the Trojan constantly displays advertisements”, said the security company.
If users try to remove H5GameCenter from their smartphones, the Trojan automatically downloads it and installs it again without informing users.
Dr. Web also reports that it discovered a Trojan in the Lenovo A319 and Lenovo A6000. The Trojan comes as part of an application called Rambla, which provides a software directory on the affected devices.
The Trojan is identified by the company as Android.Sprovider.7 and helps attackers download APK files and install them on target smartphones. They can make phone calls, display advertisements, upload infected files, and open malicious connections in browsers.
“Cybercriminals generate their income by increasing the download statistics of each application and also by distributing adware. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were integrated into the Android firmware, helping them to make money from users,” the security company said.
If you have any of the devices listed below, please contact the manufacturer directly for further support.
- MegaFon Login 4 LTE
- Irbis TZ85
- Irbis TX97
- Irbis TZ43
- Bravis NB85
- Bravis NB105
- SUPRA M72KG
- SUPRA M729G
- SUPRA V2N10
- Pixus Touch 7.85 3G
- Itell K3300
- General Satellite GS700
- Digma Plane 9.7 3G
- Nomi C07000
- Prestigio MultiPad Wize 3021 3G
- Prestigio MultiPad PMT5001 3G
- Optima 10.1 3G TT1040MG
- Marshal ME-711
- 7 MID
- Explay Imperium 8
- Perfeo 9032_3G
- Ritmix RMD-1121
- Oysters T72HM 3G
- Irbis tz70
- Irbis tz56
- Jeka JK103