DeathRing: Some Android Phones Come Pre-Loaded With Malware


If you are looking to buy a new Android smartphone you are probably already aware that it is a wise idea to install an antivirus app as quickly as possible to protect your new device from malware.

What you may not realise, however, is that your new smartphone may already have malicious code on it out of the box.

New research from mobile security vendor Lookout  has highlighted how that may be a very real problem as the company’s researchers have discovered a Trojan called DeathRing which comes pre-installed on some devices.

The Asian malware, which masquerades as a ringtone app, has been found on low-end handsets that are especially popular in Asian and African nations. According to Lookout, the affected devices include:

  • Counterfeit Samsung GS4/Note II
  • Various TECNO devices
  • Gionee Gpad G1
  • Gionee GN708W
  • Gionee GN800
  • Polytron Rocket S2350
  • Hi-Tech Amaze Tab
  • Karbonn TA-FONE A34/A37
  • Jiayu G4S – Galaxy S4 Clone
  • Haier H7
  • No manufacturer specified i9502+ Samsung Clone

The Trojan is initially dormant but is easily activated – either through the user switching the device on and off five times or by turning the screen on and off a total of fifty times.

Once DeathRing is up and running it can download SMS and WAP content from its command and control centre, giving it the ability to phish personal information from the victim or download additional malware in the form of APKs:

“For example, DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use WAP, or browser, content to prompt victims to download further APKs — concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary’s reach into the victim’s device and data.”

As DeathRing is installed within the smartphone’s firmware there is no way to remove it and even installing an antivirus app will prove to be a fruitless endeavour – the only way for a user to avoid the Trojan is to not buy the device in the first place.

So how can you protect yourself from such a nasty piece of malware?

The most obvious answer is to only buy a smartphone from well-known vendors, but even people in the more developed countries may struggle to afford the models they desire right now. So, with that in mind, the best advice would be to install a malware-detecting app on any new device as soon as you buy it – even if it cannot protect you from DeathRing it can alert you to its presence which should be reason enough for the retailer to accept a return on the device.

It would also be advisable to keep tabs on your phone bill for any unexpected charges and it may also be a good idea to look at the amount of data the device is consuming as this may highlight unexpected connections and downloads.

It would also be advisable to avoid inputting sensitive information on any device unless you are one hundred percent it is secure – so until you have verified the integrity of your new smartphone think twice before using it for online shopping, banking or inputting personal data into websites you visit.


  1. Chances of the malware making it over to the west is a lot smaller because of tighter control chain measures…but it doesn’t mean that it can’t!!

    • As far as DeathRing is concerned, that could be true. But if you read another article you’ll see the iPhone which is the most worshiped cellphone in the West has flaws of its own.

      “Apple products aren’t immune to this problem, either; software has been discovered that allows malicious actors to turn off Apple iSight webcam warning lights — in one extreme case, a woman was blackmailed with pictures taken of her without her consent and without any clothes. The culprit was apprehended, but this kind of personal violation goes a long way to legitimizing users who cover up camera lenses even when their phones are not in use.

      It’s also worth mentioning that there are also legitimate apps for iPhones that allow you to make it seem as though your camera isn’t recording. Instead, the screen can be entirely black or it can be made to appear that you’re just browsing a website and not taking a video. And while this might sound like fun and games if you’re the one in control — it’s your phone, after all — think about the implications of these apps as malware. What if you accidentally downloaded one and it was enabled remotely, or if a piece of malicious code took control of your camera app? You could be spying on yourself and not even know it.”

      That article is taken from