Security researchers recently unveiled findings about malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware. A leading mobile telecommunications company, Vodafone, has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones. The recipient of one of the malware-laden phones was, fortunately, an employee of the Spanish antivirus firm, Panda Security. Plugging the phone in via USB into any PC quickly led to an infection by WORM_SILLY.QT. Vodafone has already released an official statement saying that the infected phone problem was an isolated one.
Trend Micro advanced threats researcher Ryan Flores believes it is likely that a computer in Vodafone’s production line has been infected by WORM_SILLY.QT. And because of the worm’s capability to propagate through removable drives, somehow SD cards in a certain batch of smartphones were infected.
This is a perfect example of one of the many threats presented in Trend Micro’s Future of Threats and Threat Technologies report.
While it may be a rare occurrence for the mobile giant, Vodafone, this type of off-the-shelf malware has already made one too many appearances mainly due to the common practice of syncing phone and music devices to one’s PC. Here is a rundown of past off-the-shelf malware reports:
- Digital Photo Frames Frameup?
- Out of the Factory, into the USB
- Get Your IPOD Now—And Get a Free Worm!
- McDonald’s Japan Recalls Promotional MP3 Players
Trend Micro™ Smart Protection Network™ protects product users from this threat by detecting and preventing the file’s execution on affected systems via the file reputation service.
Update as of March 23, 2010, 3:26 p.m. (GMT +8:00):
The Register reports that Vodafone Spain admitted to supplying 3,000 HTC Magic smartphones with preinstalled malware. This admission proves that it was not an isolated incident as was previously reported.