By 
Conspiracy theorists start your engines! In what Vodafone is calling “an isolated incident”, the carrier sold a mobile phone pre-loaded with malware which – when connected to a computer – attempted to send personal information back to the malware creator:
The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.
A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by spanish hacker group “DDP Team”, is run by some guy named “tnls” as the botnet-control mechanism shows…
And it gets worse. The Mariposa wasn’t the only malware – the HTC Magic was packed with Confiker and Lineage password stealing viruses as well. The source of this story claims the phone was purchased brand new, directly from Vodafone, and the malware was all pre-installed out of the box.
This begs the question – how is this happening? Is someone on the HTC production line plopping this in along the way? Or is a Vodafone employee opening Androids off the shelf and loading them locally before they’re sent out? Hopefully the carrier gets to the bottom of this although it isn’t the first and won’t be the last time something like this has happened.
One question you’ll want to ask yourself is about the source of the news. Not only was the “malware” on the phone (when connected to computer) detected by Panda Cloud Antivirus but the consumer who this happened to was – you guessed it – a Panda Security employee. Not only that but the story first appeared on the Panda Security Research Blog. I’m thinking this could mean one of two things:
- Panda Security wanted to find a creative way to push more sales of their software and inventing a “phone virus” story was their vehicle
- The Panda employee happened to catch it because hey – they’re in the industry – and many more consumers less privvy to malware are currently connecting their phones and sharing personal information having personal information stolen without knowing.
You’ve got to give Panda the benefit of the doubt in this case and they seem like a successful and respectable company. Not to mention the fact that Vodafone came out with a statement which, in many ways, seems like an admission of guilt:
Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident
Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident
Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.
For those that quickly attempt to jump on Android, claiming this is the reason “open” is bad – don’t judge too quickly. This could just as easily happen when you’re buying a laptop, desktop, or phone with a different OS. The scary part is that this type of thing is really happening.
Any similar stories readers care to share?
um… did the so called security expert mention if they replaced the microsd with one they already had? I belive it would be nearly impossible, the way that was mentioned, for his computer to try and autorun something embeded in the phone’s OS. Mounting the sd as a removeable disk drive… I could see that… if it is legit maybe it was a refurb or display that he purchased… I extremely doubt it was put there intentionally.
Add this to the fact it was the own security company’s employee… I call shenanigans!…. that’s right.. I called it.
i agree with jb0yz. It’s more likely that a bad sdcard caused the whole “blame it on vodafone”…
Vodafone are removing any posts regarding this subject from their uk forums without comment.
This is something that Google has just ignored a bit too much for me.
Most app’s will be legitimate, but there must be the odd one or two that will sooner or later prove to be malicious, the problem is, Google gives away alot of information to apps – which is both amazing and bad.
There is many apps that could have legitimate use of contact details (e-mail, phone number, address, photo etc) but then in the background, send all this away to then use as they please. The user wouldn’t know it was happening, so who would flag it as malicious?
I think this story is a bit far fetched, malware on the Android Device, attacking the Android system itself – I doubt very much would occur, virus distribution to computers? unlikely in hardware (sdcard), but sending e-mails containing viruses for computers? Maybe.
I think this story is bogus, but I think it raises a good point :-)
Matt
This harks back to the conspiracy theory of just how can Norton find and release viruses ‘found’ before they were actually distributed to the world. In the 90s it was a common idea that anti-virus software kept themselves in business. Either way, anyone one not running anti-virus on their computers are morons. (this would include certain of my family members.)
Paranoia is the name of the game. Open source is great but you still have to practice common sense.
@gauntface
I read the story differently. I didn’t read this as malware on the Android system that attacks Android.
I read it as Windows malware on a USB device (a phone) that attacks a Windows PC.
Take the USB device (a phone in this case) and plug it into your Windows PC and — poof — you’re infected thanks to the goodness of Windows, and other malware enabling features exclusive to Windows, such as Autorun.
This could happen with any USB device, including ANY phone, or mp3 player.
It is a very credible explanation that an employee on an assembly line picks up a phone, plugs it into an infected PC to test something, and the PC copies the malware to the USB device (in this case, a phone). Put the phone back on the assembly line, package it up like new, factory fresh in a factory sealed box.
Alternately, an employee at the carrier takes a phone, plugs it into an infected PC, and the phone is sold as new.
Android malware that attacks Android or other Android devices is a worthwhile subject to discuss. I just think this story is NOT about Android malware, but IS about Windows malware.
Right on target, @DannyB
@DannyB I totally agree with you that this story is related to the flaws in Windows, not Android :-)
Disable All windows auto runs. Problem solved LoL!!
The problem is that he had Windows.
If he had a Mac or Linux then it wouldn’t be an issue :D
This happened either in the vodafone store, htc assemly line or the SD card manufacturer’s plant. it simply means the card was read by an affected PC at one point. this is not a dastardly conspiracy.
This happened to me with a brand new sealed msi (Korean)brand mp3 player a few years ago.. F’d my sht up real good..
Want a conspiracy theory? There’s just such a malware, but undectible, in every cheap Chinese gadget you buy… And in all chinese built laptops.. Probably not.. But seems odd you can buy a Chinese card reader on eBay direct from china for $1 free ship..
When I read the first part, the first thing I thought was… hmm Panda cloud Antivirus aye… should try that out… must be something good…
then i read that this happened to a panda av employee and there u have it… i smelled some really foul fish.
what are the odds that this isolated incident of htc gets to someone who works for an av company and the computer they used was running an antivirus…?
this is totally a conspiracy.
Let’s be clear about the risk to Android or ANY other operating system: They are ALL, at a simple level, EQUALLY VULNERABLE. There IS some safety in tightly controlled stores, like apple has, or as AT&T configured their phone to not allow off-market apps. But as the devices proliferate and largely replace pcs for significant numbers, AND roaming wifi usage increases (think no firewall and a many to many connection – as opposed to a store 1:1 download or behind a provider’s firewall), so will phone viruses.
Windows suffers the most today, simply because it has the widest, and least security educated, user base; hence, it meets the virus writer’s goal of the widest and fastest proliferation of a virus. Smartphones will likely change that over time.
ADS
as a follow up to those who think unix isn’t vulnerable, be it Mac, Linux, Sun, Android, whatever, you might want to do some research on where the first viruses emerged: Think buffer overflow on port 80 – probably before windows even had an IP stack!
Or ask those who professionally patch server farms if there are unix patches for security. There are, on a regular basis, I assure you.
What you don’t have today, is the higher numbers of non corporate end users not running behind firewalls, like windows does.
ADS
@ADS: WRONG. They are NOT all EQUALLY VULNERABLE. Windows by nature is more so, MUCH more so. That doesn’t mean that any are above being hacked. It does mean that Linux, and UNIX systems by nature are more secure. Yes, there are ways, but viruses are a different animal. They cannot on UNIX systems (Linux included if you’re running it right) auto start and propagate, or infect the root of the C: drive (’cause there is no C: drive), or the root file system for that matter. Why? Because a regular user cannot write to those file systems that will infect the whole system, and because the execution of files in UNIX DOES NOT depend on an extension like .exe. Not only that but this has absolutely NOTHING to do with who has more desktops in the world. There are more UNIX, Linux, and Solaris machines running Websites in the world than there ever will be Windows. Windows users and machines are just the easiest targets.
Now, do I patch my Linux servers and desktops? Yep, quarterly I check and update everyone of the servers and I update my desktops daily. Why? Because I know that no OS is completely invulnerable, well, except maybe for OpenBSD? I recall one of the BSDs had no known remote hacks for years, and that may be it.
Now, in this case none of the aforementioned “maleware” could infect a UNIX, Linux or MAC host (which would include Android) because they are NOT windows, and those viruses all attack windows.
i have to agree with concerned adult on this one. from all of my research it sounds more along the lines of what i have studied. windows is way more open to getting viruses, linux is more secure but can be hit also but having my choice over smart phones i would go anything other than windows os.