Chinese Hackers

‘DeathRing’ Chinese Malware Found Pre-Installed on Gionee phones, Karbonn tabs

'DeathRing' Chinese Malware Found Pre-Installed on Gionee phones, Karbonn tabs

Security researchers had discovered that a new mobile Trojan horse pre installed on new Chinese made Android smartphones Gionee phones, Karbonn tabs  which are popular in Asia & Africa.

A malware, popularly known as virus dubbed DeathRing, is a Chinese Trojan that masquerades as a ringtone app and comes pre-installed on Android smartphones that are most popular in Asian and African countries including Taiwan, Vietnam, Indonesia, India, Nigeria, and China.

DeathRing malware application cannot be uninstalled by the end user or by anti-malware software because it comes pre-installed in the system directory of the handsets at an unknown point within the supply chain, making the threat even more serious.

How Deathring Malware Affects ?

Though the Deathring malware pretends to be a genuine ringtone application, but actually downloads SMS and WAP content from its command-and-control server to the victim’s handset, which gives it potential to phish user’s sensitive data through fake text messages.

“DeathRing malware might use SMS content to phish user’s private information by imitation text messages requesting the desired data”. “Deathring malware may also use WAP, or browser, content to prompt users to download further APKs – concerning given that the malware  creators could be tricking people into downloading further more dangerous malwares that extends the adversary’s reach into the user’s device and data.” – The security firm LookOut wrote in a blog post.

Affected Android Smartphones

DeathRing malware comes pre-loaded on a number of new Chinese smartphones sold by third-tier manufacturers to developing countries and according to the Lookout, the affected Smartphones are:

  • Counterfeit Samsung GS4/Note II
  • Hi-Tech Amaze Tab
  • A variety of TECNO devices
  • Gionee GN800
  • Gionee Gpad G1
  • Gionee GN708W
  • Jiayu G4S – Galaxy S4 clones,
  • Polytron Rocket S2350
  • Haier H7
  • Karbonn TA-FONE A34/A37
  • a i9502+ Samsung clone by an unspecified manufacturer

DeathRing malware is not the first pre-installed malware spotted by the security agency. Last year LookOut had discovered another pre-installed malware called Mouabad on Smartphones sold by retailers in China, India, and the Philippines.  Mouabad malware is also somewhere pre-installed in the supply chain and affected predominantly Asian countries.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top

Subscribe For Latest Updates

Signup for our newsletter and get notified when we publish new articles for free!