Mariposa bot distributed by Vodafone's infected phone
Posted on 09 March 2010.
Following yesterday's news about the Energizer DUO USB recharger that infects PCs with a Trojan, here is another piece of equipment whose software comes bundled with malware: the new Vodafone HTC Magic with Google’s Android OS.


The massive infection potential was commented on by a Panda Security's researcher, who says that the phone in question is distributed by Vodafone "to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions."

The researcher has been alerted to the possibility of the phone carrying malware by a colleague who, upon receiving the phone, connected it to her PC and triggered a warning by the company's cloud AV solution: two files, autorun.inf and autorun.exe are malicious.

It turns out that the phone is infected with a Mariposa bot client that enlists the PC into a botnet run by someone that goes by the handle "tnis". The C&C centres are located at:
  • mx5.nadnadzz2.info
  • mx5.channeltrb123trb.com
  • mx5.ka3ek2.com.
Once the PC is infected, you can see the malware contacting the centers for further instructions:


But that's not the end of it - the researcher also found a Confiker and a Lineage password stealing malware on the phone, making him wonder just what kind of Quality Assurance operation Vodafone and HTC are running.

Vodafone released a statement saying that "early indications are that this was an isolated local incident".






Spotlight

How GitHub is redefining software development

Posted on 26 January 2015.  |  The security industry is slowly realizing what the developer community knew for years - collaboration is the key to and likely the future of innovation.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Jan 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //