Security News > 2021 > April > Another supply-chain attack? Android maker Gigaset injects malware into victims' phones via poisoned update

Android smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack.
The Trojan, once downloaded and installed on a victim's device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.
Gigaset told the news website the incident only affects "Older devices," and that it would provide more details soon.
The antivirus biz identified two of the malware strains emanating from Gigaset as Android/Trojan.
The attack vector is a system update application, identified as com.
Malwarebytes' Nathan Collier speculated in a post that crooks had compromised Gigaset's update servers to distribute the Trojans, a scenario Heise's reporting - and this Google support thread - tends to confirm.