Mariposa bot distributed by Vodafone's infected phone
Posted on 09 March 2010.
Following yesterday's news about the Energizer DUO USB recharger that infects PCs with a Trojan, here is another piece of equipment whose software comes bundled with malware: the new Vodafone HTC Magic with Google’s Android OS.

The massive infection potential was commented on by a Panda Security's researcher, who says that the phone in question is distributed by Vodafone "to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions."

The researcher has been alerted to the possibility of the phone carrying malware by a colleague who, upon receiving the phone, connected it to her PC and triggered a warning by the company's cloud AV solution: two files, autorun.inf and autorun.exe are malicious.

It turns out that the phone is infected with a Mariposa bot client that enlists the PC into a botnet run by someone that goes by the handle "tnis". The C&C centres are located at:
Once the PC is infected, you can see the malware contacting the centers for further instructions:

But that's not the end of it - the researcher also found a Confiker and a Lineage password stealing malware on the phone, making him wonder just what kind of Quality Assurance operation Vodafone and HTC are running.

Vodafone released a statement saying that "early indications are that this was an isolated local incident".


More than a third of employees would sell company data

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jul 31st