Cyber Attacks Targeting Smartphone Supply Chains

DeathRing is a Trojan believed to be of Chinese origin that masquerades as a ringtone app, but can download SMS and browser content from its command and control server to the victim’s phone.

DeathRing could use SMS content to phish a victim’s personal information, for example, using fake text messages requesting the data. 

The malware could also use browser content to prompt victims to download further Android application packages (APKs), which may include more malware.

Lookout researchers say the malicious app is impossible to remove because it is pre-installed in the system directory.

This is of concern to original equipment makers (OEMs) and retailers because the compromise of mobiles in the supply chain could have a significant impact on customer loyalty and trust in the brand.

Mainly affecting lower-tier smartphones bought in Asian and African countries, this is the second significant example of pre-installed mobile malware that Lookout has found on phones in 2014.

The devices pre-loaded with DeathRing are so far mostly from third-tier manufacturers. The main countries affected are Vietnam, Indonesia, India, Nigeria, Taiwan and China.

Researchers said this signals a potential shift in cyber-criminal strategy towards distributing mobile malware through the supply chain.

Earlier this year, Lookout detected another pre-loaded piece of malware called Mouabad. Like DeathRing, Mouabad was also pre-installed somewhere in the supply chain and affected predominantly Asian countries, but researchers did see some cases in Spain.

Although it is impossible to remove DeathRing and Mouabad because they are pre-installed in the phone’s system directory, Lookout researchers recommend that mobile users:

• Be aware of the origins of the device they are buying.
• Download a mobile security app to protect against malware.
• Check phone accounts regular for any unusual charges.

Source: ComputerWeekly

Related: Regin, a New Computer Spying Bug Discovered