
An increasing number of my acquaintances seem to be in the habit of buying cheap Android smartphones when in China on business and, increasingly, from online auction sites. More often than not these will be clones of flagship models but without the flagship price tag; however, cheap is not always cheerful. I've seen some of these devices with their look-alike operating systems and their flimsy construction and, having given them a quick once-over, I have to say I wouldn't trust them with my calls, texts and data. That level of mistrust appears to be well founded, not least because it would seem that some of these cheap clone phones are coming pre-loaded with malware called DeathRing.

According to mobile security outfit Lookout this is the second time this year that an outbreak of DeathRing has been spotted. The Chinese Trojan, Lookout says, is coming pre-installed on a whole bunch of cheap Chinese phones which are most popular in the Asian and African regions. The company does admit, it has to be said, that the volume when it comes to DeathRing detection is 'moderate' although it doesn't give any actual numbers. Lookout does insist that active detections are being picked up globally though, which makes the threat both viable and concerning.

DeathRing, as the name suggests, pretends to be a pre-loaded ringtone app but is in fact a malware conduit for content downloaded from a central command and control server. SMS content can be pushed to the handset, for example, which takes the form of a fake operator text message asking for data. DeathRing can also use browser (WAP) content to initiate further malicious downloads. Interestingly, DeathRing is activated in an unusual manner considering it is already pre-loaded onto the infected devices: either the user must have used the phone (been 'away and then present') at least 50 times or the device must have been powered down 5 times, after which the malicious service will activate automatically.

Lookout says it does not know where in the supply chain the malware is being introduced, although the most likely suspects have to be the distributors of these third-tier manufactured devices I would imagine. The following is a list of handsets known to have been pre-loaded with DeathRing so far:

Counterfeit Samsung GS4/Note II
Various TECNO devices
Gionee Gpad G1
Gionee GN708W
Gionee GN800
Polytron Rocket S2350
Hi-Tech Amaze Tab
Karbonn TA-FONE A34/A37
Jiayu G4S – Galaxy S4 Clone
Haier H7
No manufacturer specified i9502+ Samsung Clone

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


This is the reason why I always say that using cheap Chinese devices can put your privacy at risk. Now I understand why they are giving away cheap devices...


Well, this really gives me a feel that now Android is on the hit list of the attacker. Every day I have been hearing warnings issued in the public interest by the officials about the loopholes and malicious programs! I remember I have been hearing about a Worm.Koler which locks your device down with the message
‘someone made a profile named -[the contact’s name]- and he/she uploaded some of your photos! Is that you?’ and that's something scary!
