Mariposa bot distributed by Vodafone's infected phone
Posted on 09 March 2010.
Following yesterday's news about the Energizer DUO USB recharger that infects PCs with a Trojan, here is another piece of equipment whose software comes bundled with malware: the new Vodafone HTC Magic with Google’s Android OS.

The massive infection potential was commented on by a Panda Security's researcher, who says that the phone in question is distributed by Vodafone "to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions."

The researcher has been alerted to the possibility of the phone carrying malware by a colleague who, upon receiving the phone, connected it to her PC and triggered a warning by the company's cloud AV solution: two files, autorun.inf and autorun.exe are malicious.

It turns out that the phone is infected with a Mariposa bot client that enlists the PC into a botnet run by someone that goes by the handle "tnis". The C&C centres are located at:
Once the PC is infected, you can see the malware contacting the centers for further instructions:

But that's not the end of it - the researcher also found a Confiker and a Lineage password stealing malware on the phone, making him wonder just what kind of Quality Assurance operation Vodafone and HTC are running.

Vodafone released a statement saying that "early indications are that this was an isolated local incident".


10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Mar 31st