Gigaset mobile phones infected via the system update application

Researchers at Malwarebytes detected malicious applications on Gigaset mobile devices; the applications are downloaded and installed by a pre-installed system update application.

Gigaset is a German manufacturer of telecommunications devices, including smartphones with the Android operating system.

Starting on March 27, Gigaset mobile users noticed web browsers constantly opening on their phones and displaying ads for mobile game websites. They found an unknown application, “easenf”, among the running applications on their devices, and it is reinstalled even after removal. Other malicious applications have also been noticed on the devices: “gem”, “smart” and “xiaoan”.

“The culprit for installing these malicious applications is the Update application, which is a pre-installed system application,” said Malwarebytes researcher Nathan Collier. Malwarebytes detects this application as Android/PUP.Riskware.Autoins.Redstone.

The list of devices with this application includes Gigaset GS270, Gigaset GS160, Siemens GS270, Siemens GS160, Alps P40pro and Alps S20pro+.

The Update application installs three different versions of Trojan.Downloader.Agent.WAGD, which can send SMS and WhatsApp messages, redirect users to malicious game websites, and download other malware-infected applications.

“Malicious WhatsApp messages most likely serve to further spread the infection to other mobile devices,” Collier noted.

Users also reported that their mobile devices were infected with another Trojan, “Trojan.SMS.Agent.IHN4”, from the game websites to which the above-mentioned WAGD Trojan redirected them.

Gigaset confirmed the infections and said that the culprit was a compromised server from which the devices download updates, and that only devices downloading updates from that server were affected. The company has fixed the problem and is expected to send an update that will remove the malware from the infected phones.

Gigaset said it was investigating the incident and cooperating with forensic experts and relevant authorities. “We will inform the affected users as soon as possible and provide information on how to solve the problem. It is also important to note that at this time, according to current knowledge, this only affects older devices. We currently assume that GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290plus, GX290 PRO, GS3 and GS4 are not affected.”
