Jul 08, 2015
does it do?
It masquerades as a ringtone app, but instead can download SMS and WAP
content from its command and controlserver to the victim’s phone.
What Does it Do?
What Does it Do?
It uses SMS content to phishvictim’s personal information by
fake text messages requesting the desired data.
What Does it Do?
Use WAP, or browser, content to
prompt victims to download further APKs — concerning given that the malware
authors could be tricking people into
downloading further malware that extends
the adversary’s reach into the victim’s device and data.
The malware will activate if
the phone is powered down and rebooted five times. On the fifth reboot, the malware starts.
What Does it Do?
What Does it Do?
The malicious service will start after the victim has been
away and present at the device at
least fifty times.
Which phones are affected?
Counterfeit Samsung GS4/Note II
Various TECNO devices Gionee Gpad G1 Gionee GN708W
Gionee GN800 Polytron Rocket S2350
Hi-Tech Amaze TabKarbonn TA-FONE A34/A37 Jiayu G4S – Galaxy S4 Clone
Haier H7 No manufacturer specified
i9502+ Samsung Clone
These devices are
mostly from third-tier manufacturers selling phones to the
developing world.
Android Antivirus programs can
clean your Smartphone of most
malware, but they can't do a
thing when the malware comes pre-installed.
Protection?
Vietnam, Indonesia, India, Nigeria, Taiwan, and China.
Likely Countries EFFECTED?
DeathRing is the second
significant example of pre-installed mobile malwarefound on
phones during 2014.
Anything Similar?
Mouabad is also pre-installedsomewhere in the supply chain and
affected predominantly Asian countries, though Lookout did see
some detections in Spain.
What to DO to avoid?
Be aware of the origins of the device you’re buying.
Download a mobile security app but we wise on your choice
of App
Regularly check your phone
bill for any curious charges.
Based on & References ?
http://news.techworld.com/security/3589748/android-deathring-malware-being-pre-loaded-on-cheap-smartphones/
https://blog.lookout.com/blog/2014/12/04/deathring/
http://www.theregister.co.uk/2014/12/04/cheapo_androids_prepwned_with_mobile_malware/
http://www.cio.com/article/2854967/malware/android-deathring-malware-being-preloaded-on-cheap-
smartphones.html
http://www.infosecfeeder.com/2014/12/android-deathring-malware-being.html
http://about.me/anupam.tiwari
https://www.youtube.com/user/anupam50/videos
http://anupriti.blogspot.in/