The Russian security company Dr. Web reports that it has discovered 26 different Android smartphones infected with malware implanted in their firmware.
Most of the models included in the list, which you can find at the end of the article, are sold on the Russian market and are based on the MTK platform, which is a chipset developed by the company MediaTek in Taiwan. The list includes phones sold by the companies Prestigio, Irbis, MegaFon and SUPRA.
The security company reports that all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that starts automatically after turning on the device.
Once it detects an Internet connection, the Trojan connects to a C&C (command and control) server and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. This application in turn comes with an aggressive form of adware, which contains the Adware.AdBox.1.origin malware.
"Once installed, it displays a small image in the area where running applications are shown. The image cannot be removed from the Android screen. It is a shortcut that opens a catalog integrated with Adware.AdBox.1.origin. In addition, the Trojan constantly displays advertisements," said the security company.
If users try to remove H5GameCenter from their smartphones, the Trojan automatically downloads it and installs it again without informing users.
Dr. Web also reports that it discovered a Trojan in the Lenovo A319 and Lenovo A6000. The Trojan comes as part of an application called Rambla, which provides a software directory on the affected devices.
The Trojan is identified by the company as Android.Sprovider.7 and helps attackers download APK files and install them on target smartphones. They can make phone calls, display ads, upload infected files, and open malicious links in browsers.
"Cybercriminals generate their income by increasing each app's download statistics and also by distributing adware. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were integrated into Android firmware, helping them to make money off users," the security firm said.
If you have any of the devices in the list below, please contact the manufacturer directly for further information and support.
- MegaFon Login 4 LTE
- Irbis TZ85
- Irbis TX97
- Irbis TZ43
- Bravis NB85
- Bravis NB105
- SUPRA M72KG
- SUPRA M729G
- SUPRA V2N10
- Pixus Touch 7.85 3G
- Itell K3300
- General Satellite GS700
- Digma Plane 9.7 3G
- Nomi C07000
- Prestigio MultiPad Wize 3021 3G
- Prestigio MultiPad PMT5001 3G
- Optima 10.1 3G TT1040MG
- Marshal ME-711
- 7 MID
- Explay Imperium 8
- Perfeo 9032_3G
- Ritmix RMD-1121
- Oysters T72HM 3G
- Irbis tz70
- Irbis tz56
- Jeka JK103