After our initial coverage of the Vodafone HTC Magic malware incident, the Panda Research Team have highlighted a second instance where a Vodafone customer has found the Mariposa Botnet lying dormant on their HTC Magic smartphone.
The second incident was brought to the attention of the Panda Research Team by Spanish IT security company S21Sec, after one of their employees had purchased a brand new HTC Magic from the official Vodafone website.
Acting on Panda’s recent suggestion that the HTC model could be infected, the employee connected his handset to his computer via USB and scanned its contents with two readily available anti-virus solutions. Much to his (apparent) surprise, the Mariposa malware was detected on the smartphone, exactly as described in Panda’s original findings.
The S21Sec employee immediately contacted the research team at Panda, sending them the microSD card so they could run some further tests. It appeared that the malware was loaded on his HTC Magic handset on March 1st, 2010, just over a week before the phone was delivered from Vodafone.
The identification of a second handset infection is somewhat surprising considering Vodafone’s statement assuring customers “that this was an isolated local incident”. Because the second handset, sent to this specific customer, was brand new, it also suggests that Vodafone have an issue with their QA or with the processes involved in obtaining the handsets themselves.
These incidents look to be isolated to Spanish customers, with future cases looking less frequent due to Vodafone’s (unrelated) decision to discontinue the HTC Magic from their product ranges in order to feature a set of higher powered Android smartphones.