Update: We’ve just received a statement from Karbonn, which states:
“Karbonn during its internal testing has not found any such virus in the models: A34 & A37. Further there has been no such complaint related to the possible threats due to malware reported by the A34 & A37 users.”
Yesterday: A mobile security firm Lookout has found that some models of Gionee and Karbonn mobile devices are coming with viruses pre-loaded on them. Researchers at Lookout found a Chinese malware known as DeathRing pre-installed on a number of handsets and devices popular in India and Africa.
DeathRing is a Trojan virus which masquerades as a ringtone application, but instead download SMS and WAP content from its control servers on to a victim’s phone.
In a blog post, Lookout mentions that DeathRing might use SMS content to phish victim’s personal information by fake text messages requesting the desired data. It may also use the phone’s browser to prompt victims to download APKs which may contain further malware that can access the device and its data. The malware is triggered in two ways. The first is that the user needs to switch off and switch on their devices five times. The second trigger which activates the virus is, if the victim has “been away and present” at the device 50 times, i.e. locking and unlocking the device.
Lookout mentions that it is unable to find where in the supply-chain the malware is being installed but the devices are mostly from third-tier manufacturers selling phones to the developing world. The security firm also added that the virus is impossible to remove as it is loaded on the phone’s system directory. Here’s a list of the phones they found it pre-installed on:
- Counterfeit Samsung GS4/Note II
- Various TECNO devices
- Gionee Gpad G1
- Gionee GN708W
- Gionee GN800
- Polytron Rocket S2350
- Hi-Tech Amaze Tab
- Karbonn TA-FONE A34/A37
- Jiayu G4S – Galaxy S4 Clone
- Haier H7
- No manufacturer specified i9502+ Samsung Clone
Gionee says that the devices mentioned in the list are not being sold in India, reports India Today. Gionee India DGM Timir Baran Acharyya told the publication that the Gionee G1 model is off the shelves in India and Gionee GN708W & Gionee GN800 have never gone on sale in India. He added that the device was tested on their end through Quickheal antivirus and NQ Security and the devices came clean.
Earlier in 2014, Lookout had also reported another malware called MouaBad pre-loaded on phones including Karbonn Smart A26 and Xolo A500S phones.
What is interesting in this case is that the DeathRing malware is believed to be of Chinese origin and that most of Karbonn and Lava’s devices are manufactured in China and rebranded and sold here.
It is also interesting to note that the Indian Air Force had has accused Chinese smartphone manufacturer Xiaomi of spying on its users and transmitting user’s personal information back to Chinese servers. Xiaomi’s vice president of international operations Hugo Barra Barra later mentioned that they are migrating their servers and corresponding data for Indian users from their Beijing data centers to Amazon AWS data centers in Singapore and USA, which is expected to be fully complete by the end of this year. The company also plans to setup a local data center in India in 2015.