'DeathRing' Chinese Malware Found Pre-Installed On Several Smartphones
Malware authors are trying hard to create malicious software with more innovative ways to infect victims. A new mobile Trojan horse infection has been discovered by security researchers that comes pre-loaded onto low-cost Chinese-made Android smartphones popular in Asia and Africa.

The trojan, dubbed DeathRing, is a Chinese Trojan that masquerades as a ringtone app and comes pre-installed onto some cheap Android smartphones most popular in Asian and African countries including Vietnam, Indonesia, India, Nigeria, Taiwan, and China.

DeathRing malware app cannot be uninstalled or removed by the end user or by antimalware software because it comes pre-installed in the system directory of the handsets at an unknown point within the supply chain, making the threat even more severe.

Though the malware pretends to be a genuine ringtone app, but actually downloads SMS and WAP content from its command-and-control server to the victim's handset, which gives it potential to phish user's sensitive data through fake text messages.
"DeathRing might use SMS content to phish victim's personal information by fake text messages requesting the desired data," the security firm LookOut wrote in a blog post. "It may also use WAP, or browser, content to prompt victims to download further APKs - concerning given that the malware authors could be tricking people into downloading further malware that extends the adversary's reach into the victim's device and data."
DeathRing malware pre-loaded on a number of entry-level phones sold by third-tier manufacturers to developing countries and according to the security firm, the handsets affected are:
  • Counterfeit Samsung GS4/Note II
  • A variety of TECNO devices
  • Gionee Gpad G1
  • Gionee GN708W
  • Gionee GN800
  • Polytron Rocket S2350
  • Hi-Tech Amaze Tab
  • Karbonn TA-FONE A34/A37
  • Jiayu G4S – Galaxy S4 clones,
  • Haier H7
  • a i9502+ Samsung clone by an unspecified manufacturer
However, DeathRing is not the first pre-installed mobile malware spotted by the firm. Earlier this year, LookOut discovered another pre-loaded piece of malware called Mouabad on devices sold by retailers in China, India, and the Philippines. Similar to DeathRing, Mouabad is also somewhere pre-loaded in the supply chain and affected predominantly Asian countries.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.