March 9, 2010 12:40 PM PST

Malware found on HTC Android phone from Vodafone

by Elinor Mills

Security firm Panda says it found several types of malware on an HTC Magic, an Android-based device from Vodafone.

(Credit: HTC)

An employee at Spanish antivirus firm Panda Security received a new Android-based Vodafone HTC Magic with malware on it, according to researchers at Panda Labs.

"Today one of our colleagues received a brand new Vodafone HTC Magic with Google's Android OS," researcher Pedro Bustamante wrote on the Panda Research Blog on Monday.

"The interesting thing is that when she plugged the phone to her PC via USB, her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious," he wrote. "A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into."

The malware began "phoning home" for instructions, Bustamante wrote. It's likely the user's credentials would have been stolen, he speculated.

The malware turned out to be related to the Mariposa botnet, but there was other malware on the device too--Conficker and a Lineage password-stealing Trojan, he said.
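An added example, not from the article or from Panda: a defender-side check that lists the programs an autorun.inf in the root of a mounted removable volume asks Windows to launch, as with the autorun.inf and autorun.exe pair described above. The sample volume and its file contents are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program for Windows to launch.
EXEC_KEYS = ("open", "shellexecute")

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue  # skip comments, junk padding and other sections
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value.strip()))
    return targets

def audit_volume(root):
    """Report autorun commands found in the root of a mounted removable volume."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), "rb") as fh:
            text = fh.read().decode("latin-1")  # never fails on arbitrary bytes
        on_disk = {n.lower() for n in os.listdir(root)}
        for key, command in autorun_targets(text):
            program = command.split()[0].strip('"').lower() if command else ""
            findings.append({"key": key, "command": command,
                             "present": program in on_disk})
    return findings

def demo():
    """Build a constructed sample volume (not the files from the article) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        sample = b"[AutoRun]\r\n;junk\r\nopen=autorun.exe\r\nicon=drive.ico\r\n" \
                 b"shell\\open\\command=autorun.exe /s\r\n"
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(sample)
        open(os.path.join(root, "autorun.exe"), "wb").close()  # empty placeholder
        return audit_volume(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding whose target file is present in the volume root is the combination the antivirus flagged in the report; the volume should be scanned or wiped before it is mounted on a Windows host with autorun enabled.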

A Vodafone spokesperson did not return an e-mail from CNET seeking comment, but The Register published a statement from Vodafone that said it is investigating the matter.

"Following extensive quality assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident," the statement said.

Last week, three people were arrested in Spain on charges of operating a massive botnet composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1,000 companies and more than 40 banks. The botnet was dubbed "Mariposa," which means butterfly in Spanish.

Updated at 1:07 p.m. PST with background on Mariposa-related arrests.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by Goodbye Helicopter March 9, 2010 1:04 PM PST
haha
3 people like this comment
by slapppy March 9, 2010 6:51 PM PST
Yes big fat FAIL. There is your real Microsoft Windows Tax, extended! Ahaha
1 person likes this comment
by fudbuster77 March 9, 2010 1:06 PM PST
Important to note this phone was only a danger to PC's running Windows for the exploit to work. Even though it's a Linux based device, the OS of the phone itself was not in danger. It was only a carrier of the malware.

iPhones, iPods, and many cases of mass storage devices like external hard drives or even SD cards have had this problem in the past with the source being the one that is affected at the OEM and spreading out through the distribution of new devices in the retail chain.
7 people like this comment
by pradhanavs March 9, 2010 1:10 PM PST
iPhones, iPods????? Where did you get this from? iPhones and iPods are never affected by viruses (of course, if you jailbreak... that itself will open all the doors)... so stop spreading wrong info like a virus...
2 people like this comment
by cloudmatt March 9, 2010 1:28 PM PST
And as the article also said that a free virus scanner caught it. True you have to know to install it but it does the trick.

Photo frames, battery chargers and now this. They are getting sneaky.
by danielwsmithee March 9, 2010 1:29 PM PST
He is correct in using the term iPhone or iPod as they can function as external disks. In that case, as in this case, the iPhone would not be infected with the virus, but the Windows PC you connect the iPhone to would be. In essence an external drive can be a carrier.

In fact I seem to recall back in 2003 or 2004 Apple had a batch of iPods that this occurred on. A machine in the factory that produces and tests the iPods got infected. iPods were connected to the machine to test the iPod prior to shipping and were getting infected in the same manner.

This can happen to any device that works as an external drive.
5 people like this comment
by Notjub March 9, 2010 1:31 PM PST
pradhana, read again... it only affects Windows systems, but it can be carried to no effect on mass storage devices (Android/iPhone).
2 people like this comment
by 1981abc March 9, 2010 1:33 PM PST
@pradhanavs

It seems from fudbuster77's comment that he was referring to their ability to act as storage devices to spread viruses, which seems logical, i.e., it is not the system but the memory carrying the virus, etc.
2 people like this comment
by fudbuster77 March 9, 2010 1:34 PM PST
Perhaps you misunderstood my comment or didn't read them fully before posting a reply.

iPhones and iPods have come from the factory carrying malware and other such goodies as they are treated as mass storage devices on many systems. They are no different from a USB thumbdrive in that manner. It has happened to pretty much all the OEM's that have mass storage devices.

I didn't say the iPhone or iPod was infected with a virus. In fact, nobody here has at all even mentioned a virus. I believe you are misunderstanding the article.
3 people like this comment
by noAppleFanBoy March 9, 2010 1:34 PM PST
Looks like pradhanavs is an Apple fan boy...
If you look at the details of the article, you will see that autorun.inf and autorun.exe were infected. As fudbuster77 rightly pointed out, the Android device itself was safe. This could and has happened to iPhones and iPods...
5 people like this comment
by Renegade Knight March 9, 2010 3:21 PM PST
@pradhanavs

Anything with a USB mode would be able to carry malware like this. It doesn't matter who makes it.
1 person likes this comment
by george_liquor March 9, 2010 10:34 PM PST
I have an iPhone, and I can say for certain it doesn't function as a USB mass storage device. It's one of the many things I find maddening about the iPhone, but at least (I suppose) it's not possible for it to act as a malware carrier.
by vietgotrices March 10, 2010 5:47 AM PST
@firstbuster77

First off... Apple doesn't ship the iPhone or iPod or iTouch with disk drive enabled. The consumer has the option to enable disk drive, but iTunes will format the hard drive, then sync.
by solitare_pax March 9, 2010 1:07 PM PST
Well, this doesn't look like a good start for the iPhone killer...
3 people like this comment
by lil-yankee March 9, 2010 3:29 PM PST
Why people like to juxtapose.
The phone did not have the virus, it just carried it.
iPhones, iPods, Macs, all do this.
It's different carrying a virus as opposed to being affected by it, however you wouldn't know this.
I guess it's time to read before you write...
Best regards
5 people like this comment
by ProfFrink March 9, 2010 5:30 PM PST
@lil-yankee, regardless of it merely being a carrier, I'm sure once someone discovered their computer had been compromised because of their new phone, they will hardly hold it in high regard after the infection. I understand this could very well have been an isolated incident, but until we hear otherwise, I doubt a lot of people will be clamouring to get their hands on this unit.

Still, very unfortunate for any company to have this bad publicity...
by Yelonde March 9, 2010 5:33 PM PST
Actually lil-yankee, no they don't. Windows cannot write to Mac Journaled partitions, unless you have MacDrive, but that rarely happens.
by tm_anon March 10, 2010 12:40 AM PST
Actually Yelonde, yes they do. If you've been sent a .doc file with a virus attached and you're running OS X, you technically have a virus. However, because you're running OS X, the virus won't run.

It doesn't matter that Windows can't write to the file format used by OS X or to Ext 3 or Ext 4; the file was sent, the file was saved, the virus is still attached. Because of this, your machine is now a carrier. It's the reason I have an A/V on Ubuntu 9.10 and will continue to have one.
1 person likes this comment
by Wingsy March 10, 2010 6:28 AM PST
@tn_anon
"It's the reason I have an A/V on Ubuntu 9.10 and will continue to have one."

Not me. I refuse to devote even one processor cycle to A/V in order to help clear up the Windows virus mess. Microsoft made their bed and now they (and anyone naive enough to use it) have to lay in it. I'm enjoying the fact that I can open any email, run reckless around the net and attach anything to my computer with total impunity. I have to admit that I also get a little satisfaction in telling you that. (Yeah, I run a Mac.)
2 people like this comment
by gantoris March 9, 2010 1:26 PM PST
but .. but ... but .. viruses only ever show up on windows systems *wahhhhh*
1 person likes this comment
by fudbuster77 March 9, 2010 1:34 PM PST
Ah, but trolls show up everywhere.
12 people like this comment
by Notjub March 9, 2010 1:35 PM PST
Correction: Viruses almost exclusively affect Windows systems only. The phone itself was never compromised because it's Linux. Different story if it were WinMo.
2 people like this comment
by ProfFrink March 9, 2010 5:31 PM PST
@fudbuster77

ROFLMAO! great response!!!!
2 people like this comment
by kojacked March 9, 2010 1:35 PM PST
"An employee at Spanish antivirus firm Panda Security received a new Android-based Vodafone HTC Magic with malware on it, according to researchers at Panda Labs."

Now isn't that convenient! Free advertising for their anti-virus product! I'm willing to bet this will be called a fraud by the end of the week.
9 people like this comment
by lil-yankee March 9, 2010 3:43 PM PST
Right on the money. The question should be how did that virus get there in the first place.
But like you said, interesting scenario here...
by mcleaver March 9, 2010 2:05 PM PST
Are Panda still $cientologists?
by ubuntu123 March 9, 2010 2:23 PM PST
It sounds to me like the SD card is infected, not the phone. One should confirm with this "security research firm" where the SD card originally came from. It is entirely possible that the batch of SD cards which shipped with these phones is infected.
5 people like this comment
by cloudmatt March 9, 2010 3:24 PM PST
That's a good point.
by lkrupp March 9, 2010 2:46 PM PST
I guess this is what "open system" means.
by lil-yankee March 9, 2010 3:44 PM PST
The system is not infected, the memory was, but you wouldn't read that deep now, would you?
Guess I know now what lkrupp means...
2 people like this comment
by davoxdipueblo March 9, 2010 4:24 PM PST
Could it be that the SD card or the phone was connected to another compromised computer and the virus self-replicated to the storage device in order to infect other computers when it gets plugged in??
I read about the Mariposa threat... impressive if you ask me...
I am not paranoid or anything, and in all my posts I always write about how I use Ubuntu and Fedora along with Windows OS. But these people are finding more and more ways to steal personal info on mainstream OSes, and it's getting scary.

"An employee at Spanish antivirus firm Panda Security received a new Android-based Vodafone HTC Magic" Have you asked yourself, if the device was brand new, how did the malware get in the phone in the first place? Did it get in at the manufacturer's?? I highly doubt it!!
Could it have been a miniSD card? Yes, I think so. Do I think kojacked is right in his post above? Yes, I do. Corporate sabotage has been around for so long. Other competitors for the same market will try to eliminate competition.
1 person likes this comment
by czorrilla March 9, 2010 6:00 PM PST
pradhanavs:

Any operating system is susceptible to viruses, trojans, etc. It is completely ignorant to state the iPhone, iPod, Android devices, etc. are immune to malware. One way or another there is always a possibility for this to occur.
by tm_anon March 10, 2010 12:45 AM PST
While pradhanavs's comment (in the first thread for anyone looking) was ignorant when concerning the OP above him, his actual comment, when taken by itself, is right.

He never stated that any of those devices is immune (though he may believe that). What he actually stated is simply that they don't get infected, not that they can't.
by Anon-Y-mous March 9, 2010 6:15 PM PST
The virus is NOT caused by a crappy OS on the phone. The phone is only a carrier for the bits that are ALLOWED to infect the host PC, of which can only be infected if it's running Windows.

See the issue here? If I put a virus on a USB stick with an Apple logo, does it mean that Apple products are crap and are infected by viruses? No... but the second I put it into a Windows computer and it auto-infects it due to such a crappy O/S, most certainly the problem is in the O/S, not the carrier, the USB stick.

Here neither the phone nor the code on the phone is the problem... it's Windows, yet again.
1 person likes this comment
by jaypres March 9, 2010 10:09 PM PST
iPhone will not carry a virus either. This is due to the sandbox model used by Apple, which so many trolls criticize it for.
by vietgotrices March 10, 2010 5:55 AM PST
When you buy an iPhone or iPod, the disk mode is not enabled, so any virus will not spread. Then when you do enable disk mode, iTunes will format the iPod/iPhone before sync.
by March 11, 2010 12:23 PM PST
How do we know that the Panda employee didn't put the malware on to the phone's storage and then start the complaint?