Vodafone HTC Smartphone Ships With Malware
Panda Security discovered Conficker, Mariposa, and Lineage password-stealing malware samples installed on a recently purchased Vodafone HTC Magic smartphone.
Researchers at antivirus software vendor Panda Security are used to finding malicious code in every nook and cranny of the Internet. But this week they stumbled across something even more concerning: a colleague's new Vodafone HTC Magic smartphone was shipped with a motley assortment of malware samples, including the potent Mariposa botnet.
When the phone, which runs on the Android operating system, was plugged into a Windows PC via the USB port, the Panda Cloud Antivirus software "went off," detecting both an autorun.inf and autorun.exe as malicious.
"A quick look into the phone revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into," Pedro Bustamante, a senior research advisor at Panda Security, said in a blog posting.
Once the PC was infected, the malware began "phoning home" to receive further instructions, probably to steal all of the user's credentials and send them to the malware writer.
Mariposa, one of the largest and most destructive botnets in history, wasn't the only malware found on the smartphone.
"There's also a Conficker and a Lineage password-stealing malware," Bustamante said.
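A defender's check for the autorun.inf and autorun.exe pair described above, as an added example (not Panda's tooling and not code from the article): it parses a removable volume's autorun.inf and reports launch entries that point at an executable present on the same volume. The file listing and autorun.inf contents are constructed samples, and the function names are hypothetical.

```python
import re

# [autorun] keys that cause Windows to start a program from the volume.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll")

def launch_targets(autorun_text):
    """Return (key, command) pairs from [autorun] that launch something.
    Junk lines without '=' are skipped rather than treated as errors."""
    section, found = None, []
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                found.append((key.lower(), value))
    return found

def program_of(command):
    """Extract the program path from a command line, quoted or not."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    path = (m.group(1) or m.group(2)).replace("\\", "/").lower()
    return path[2:] if path.startswith("./") else path

def review_volume(paths, autorun_text):
    """Flag launch entries whose program is an executable present on the volume."""
    present = {p.replace("\\", "/").lower() for p in paths}
    return [(key, prog) for key, cmd in launch_targets(autorun_text)
            for prog in [program_of(cmd)]
            if prog.endswith(EXEC_EXT) and prog in present]

# Constructed sample: file listing and autorun.inf of a USB mass-storage volume.
SAMPLE_FILES = ["autorun.inf", "autorun.exe", "DCIM\\IMG_0001.jpg"]
SAMPLE_INF = """\
;padding comment
qwertyjunkline
[AutoRun]
Open = autorun.exe
icon=shell32.dll,4
Shell\\Open\\Command=.\\autorun.exe -q
shellexecute="missing tool.exe"
"""

if __name__ == "__main__":
    for key, prog in review_volume(SAMPLE_FILES, SAMPLE_INF):
        print(f"autorun launch via {key!r}: {prog}")
```

Entries whose target is not on the volume, such as the quoted shellexecute line in the sample, are parsed but not reported.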
Vodafone and HTC officials were not immediately available for comment.
While most consumers by now are aware of the malicious landmines littered throughout cyberspace, finding malware in devices or in software used to run devices is a fairly new but growing trend.
Earlier this week, the United States Computer Emergency Readiness Team (CERT) warned consumers that downloadable software commonly used with the Energizer DUO USB battery charger contains a Trojan that hackers can exploit to commandeer Windows-based PCs.
In that case, an installer for the Energizer DUO software, which lets users view the battery's charging status, placed the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory, creating a backdoor for hackers to list directories, execute programs and send and receive files.
Similar instances of malware shipping on devices have been discovered in the past few years on everything from new Windows netbooks and Samsung digital photo frames to HP USB sticks and TomTom navigation guides.