Vodafone HTC Magic shipped with Conficker, Mariposa malware

Researchers from PandaSecurity have detected Conficker and Mariposa malware samples shipped on a recently purchased Vodafone HTC Magic smartphone.
Written by Dancho Danchev, Contributor

Just when you thought you have taken care of all the possible malware infection vectors, flawed quality assurance procedures once again demonstrate the need for a transparent and systematic approach of ensuring that digital devices are shipped malware-free.

In a new blog post, researchers from PandaSecurity are reporting on Conficker, Mariposa and Lineage password stealing malware samples, shipped with a recently purchased Vodafone HTC Magic smartphone.

More details:

  • Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into. Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Confiker and a Lineage password stealing malware.

This is not an isolated incident, but an emerging trend. Over the past several years, a multitude of different devices have been shipped with malware that made its way through flawed quality assurance procedures.

Here's a brief retrospective of reported cases where digital devices were shipped with malicious software:

The Vodafone HTC Magic incident is the second for March, 2010, following the recently reported malware infected Energizer DUO USB battery charger.

Editorial standards