Mobile SecuritySmartphones and other mobile devices are on everyone’s holiday lists again this year. Most folks opt for new phones, catching sales and deals when they can. Usually selecting phones with the software and features they like, the one thing they don’t expect to find pre-loaded is malware on their brand new phones.

For the second time this year, Android phones were found infected with a Chinese Trojan referred to as “DeathRing”. Although isolated to Asia and Africa, sources speculate that, due to the pre-loaded nature of the infection, it is just a matter of time before it becomes widespread and reaches the U.S.

In Lookout’s recent blog post, Jeremy Linden describes the characteristics of the DeathRing Trojan as follows:

  • The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone. It can then use this content for malicious means.

For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs — concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.

  • The malware is activated in two ways — both dependent on the victim’s use of the phone. First, the malware will activate if the phone is powered down and rebooted five times. On the fifth reboot, the malware starts. Second, the malicious service will start after the victim has been away and present at the device at least fifty times.
  • The list of phones affected varies but includes a number of Samsung and Galaxy “knockoffs”.
  • Unfortunately, it is impossible for security vendors to remove this malware because it’s pre-installed in the phone’s system directory.You can, however, use the following tips in order to stay safe:
    • Be aware of the origins of the device you’re buying.
    • Download a mobile security app like Lookout’s app that protects against malware as a first line of defense — if you are alerted to malware like this on the device, you may want to get a refund.
    • Regularly check your phone bill for any curious charges.

For more information regarding DeathRing, read the full Lookout blog post.


APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.


Deathring Strikes for Second Time This Year

Leave a Reply