Malware that cannot be uninstalled by the end user is being pre-loaded onto some cheap Android smartphones.
The malware, called DeathRing, is a Chinese Trojan that masquerades as a ringtone app. However, it has the capability to download SMS and WAP content from its control server to the user's handset. This gives it the potential to phish victim's personal information through the use of fake text messages.
The malware is pre-loaded into the system directory of the handsets at an unknown point within the supply chain.
This malware cannot be removed by antimalware software or the end user.
The handsets affected are devices from third-tier manufacturers selling smartphones to developing countries. According to security firm LookOut the following handsets are affected:
- Counterfeit Samsung GS4/Note II
- Various TECNO devices
- Gionee Gpad G1
- Gionee GN708W
- Gionee GN800
- Polytron Rocket S2350
- Hi-Tech Amaze Tab
- Karbonn TA-FONE A34/A37
- Jiayu G4S - Galaxy S4 Clone
- Haier H7
- No manufacturer specified i9502+ Samsung Clone
The main countries affected by the malware currently are Vietnam, Indonesia, India, Nigeria, Taiwan and China.