Just when you thought you have taken care of all the possible malware infection vectors, flawed quality assurance procedures once again demonstrate the need for a transparent and systematic approach of ensuring that digital devices are shipped malware-free.
Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into. Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Confiker and a Lineage password stealing malware.
This is not an isolated incident, but an emerging trend. Over the past several years, a multitude of different devices have been shipped with malware that made its way through flawed quality assurance procedures.
Here's a brief retrospective of reported cases where digital devices were shipped with malicious software: