Wireless telecoms giant Vodafone has been distributing malware to its customers via its mobile phones, a recent blog post from the Panda Research Team shows.
A member of the research team had a brand new Vodafone HTC Magic delivered, a device powered by the open-source Android mobile operating system.
Upon connecting it to her computer, the employee received a warning from her Panda Cloud Antivirus about a potential threat from files already on the device.
Two malicious files were found to be mounted on the external drive. A close inspection revealed that these files, autorun.inf and autorun.exe, had already spread to the computer the phone was plugged into, by way of a Mariposa bot client starting to take effect.
It appears the malware on the HTC Magic handset was a modified version of the Mariposa bot client created by a Spanish malware collective called the Días de Pesadilla (Nightmare Days) Team.
Once the computer was infected, the malware would “phone home” to a remote server to receive further instructions. It is thought the malware would steal confidential credentials, change the results shown in search engines and display pop-up ads, indicating the main aim was to profit from the botnet.
Vodafone’s blushes weren’t limited to the botnet either; both Conficker and a Lineage password-stealing malware were also found on the device.
There is no indication whether the HTC Magic handset was the only device infected with the botnet malware or whether it was a fault on Vodafone’s or HTC’s part.
As Pedro Bustamante, the author of the Panda Research report, highlights, it makes you wonder who is keeping an eye on the Quality Assurance over at Vodafone and HTC these days.
Update: Vodafone has released a statement saying the incident was isolated but that it is investigating further:
Vodafone takes the security and privacy of its customers extremely seriously and launched an immediate investigation into this incident.
Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident.
Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy.