VietNamNet Bridge – Some low-cost smartphone and tablet models sold in Vietnam and several Asian and African countries are believed to contain a Trojan sourced from China which operates under certain conditions.



{keywords}




The Trojan is called DeathRing and it masquerades as a ringtone app, embedded in the devices’ system folders, which makes it uninstallable.

This indicates that there must be problems in the links of the supply chains, according to an expert from BKAV, the leading information security firm in Vietnam.

BKAV has cited a report from Lookout, a mobile security firm, as saying that DeathRing has been found in many low-cost phones and tablets. The markets most affected by DeathRing include Vietnam, Indonesia, India, Nigeria, Taiwan and China.

DeathRing has the ability to download Message and WAP (wireless application protocol) content from a C&C server, and is responsible for tricking users into disclosing personal information to help an attacker perform subsequent fraudulent activity.

Malware can also download the APK (Android Applications Packet,  which can more deeply access additional information stored on the devices.

The noteworthy characteristic of the malware is that it is not activated when users use the devices for the first time. The malware is activated after five restarts, or after the victims use the devices for at least 50 times.

Lookout has released a list of devices it believes have been installed with the malware. These include some low-cost models and models imitating Samsung Galaxy S4 and Note II.

The list also mentions the names TECNO, Gionee Gpad G1/GN708W/GN800, Polytron Rocket S2350, Hi-Tech Amaze Tab, Karbonn TA-FONE A34/A37, Jiayu G4S and Haier H7.

Commenting about Trojan, Lookout warned it is “very dangerous”, because the malware is embedded directly into the devices.

According to the expert from BKAV, the only way users can protect themselves from  Trojan is to keep a watchful eye over the risks and install software to protect smartphones.

He also advised people to check the origin of the devices before buying, and check phone charges regularly during use to discover any abnormalities.

BKAV reportedly is now working to discover further information about the situation. BKAV’s vice president Ngo Tuan Anh said BKAV is examining Lookout’s list of devices with Trojan installed.

Buu Dien