Feeds

Vodafone ships Mariposa-infected HTC Magic

Android phone comes riddled with bots

Remote control for virtualized desktops

Updated Vodafone has been blamed for shipping Mariposa botnet malware and other nasties on a HTC Magic Android smartphones it supplied.

The mobile phone giant's Spanish arm supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronisation process. Vodafone acknowledged the problem but said that the incident was an isolated and local problem, which came to light because the customer affected works for Spanish anti-virus firm Panda Security.

The extra code was a strain of the Mariposa bot client that attempted to connect to systems not associated with the recent arrests of three suspected botmasters in Spain, according to an analysis of the attack by Panda Security researcher Pedro Bustamante.

"A quick analysis of the malware reveals that it is in fact a Mariposa bot client," Bustamante explained. "This one, unlike the one announced last week which was run by Spanish hacker group 'DDP Team', is run by some guy named 'tnls' as the botnet-control mechanism shows.

"Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer," he added.

The same mobile phone was also infected by Confiker and a Lineage password-stealing code, according to Panda. The incident came to light because the infected phone was sold to one of Bustamante's colleagues in Spain.

In a statement, Vodafone said the problem, which it is investigating, was isolated.

Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident

Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident

Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.

Incidents where computing devices come preloaded with malware are far from unprecedented. Normally problems arise when computers used in manufacturing production lines are themselves infected. ®

Update

Although Panda's screenshot features Vodafone Germany the incident in question happened in Spain.

Remote control for virtualized desktops

More from The Register

next story
You! AT&T! The only thing 'unlimited' about you is your CHEEK, growl feds
Man, we did everything but knock on their doors - carrier
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Watch out, Samsung and Apple: Xiaomi's No 3 in smartphones now
From obscurity to selling 19 million mobes a quarter
Brazil greenlights $200m internet cable to Europe in bid to outfox NSA
Only one problem: it won't make the slightest difference. And they know it
Wanna hop carriers with your iPad's Apple SIM? AVOID AT&T
Unless you want your network-swapping tech disabled for good, that is
Knocking Knox: Samsung DENIES vuln claims, says mysterious blogger is a JOKER
But YES, system does store encryption key on the device
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.