DeathRing: Some Android phones come pre-loaded with malware

2 min read

We’re fanatical about your privacy and security.

If you are looking to buy a new Android smartphone you are probably already aware that it is a wise idea to install an antivirus app as quickly as possible to protect your new device from malware.

What you may not realise, however, is that your new smartphone may already have malicious code on it out of the box.

New research from mobile security vendor Lookout  has highlighted how that may be a very real problem as the company’s researchers have discovered a Trojan called DeathRing which comes pre-installed on some devices.

The Asian malware, which masquerades as a ringtone app, has been found on low-end handsets that are especially popular in Asian and African nations. According to Lookout, the affected devices include:

  • Counterfeit Samsung GS4/Note II
  • Various TECNO devices
  • Gionee Gpad G1
  • Gionee GN708W
  • Gionee GN800
  • Polytron Rocket S2350
  • Hi-Tech Amaze Tab
  • Karbonn TA-FONE A34/A37
  • Jiayu G4S – Galaxy S4 Clone
  • Haier H7
  • No manufacturer specified i9502+ Samsung Clone

The Trojan is initially dormant but is easily activated – either through the user switching the device on and off five times or by turning the screen on and off a total of fifty times.

Once DeathRing is up and running it can download SMS and WAP content from its command and control centre, giving it the ability to phish personal information from the victim or download additional malware in the form of APKs:

“For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs — concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.”

As DeathRing is installed within the smartphone’s firmware there is no way to remove it and even installing an antivirus app will prove to be a fruitless endeavour – the only way for a user to avoid the Trojan is to not buy the device in the first place.

So how can you protect yourself from such a nasty piece of malware?

The most obvious answer is to only buy a smartphone from well-known vendors, but even people in the more developed countries may struggle to afford the models they desire right now. So, with that in mind, the best advice would be to install a malware-detecting app on any new device as soon as you buy it – even if it cannot protect you from DeathRing it can alert you to its presence which should be reason enough for the retailer to accept a return on the device.

It would also be advisable to keep tabs on your phone bill for any unexpected charges and it may also be a good idea to look at the amount of data the device is consuming as this may highlight unexpected connections and downloads.

It would also be advisable to avoid inputting sensitive information on any device unless you are one hundred percent it is secure – so until you have verified the integrity of your new smartphone think twice before using it for online shopping, banking or inputting personal data into websites you visit.

ExpressVPN is dedicated to your online security and privacy. Posts from this account will focus on company news or significant privacy and security stories.