Security News > 2021 > April > Gigaset Android phones infected by malware via hacked update server
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack.
Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.
"Three malware apps were installed on each of the two affected smartphones, which could fortunately be terminated and uninstalled without any problems, but which were then repeatedly reloaded by the update app running in the background as a system process, unless the update app was terminated manually after each restart: easenf or gem, and in both cases smart and xiaoan," a reader told BornCity.
"An update server used by Gigaset devices for updating was compromised, so that the affected devices were infected by malware," explains Born.
Malware was installed on these devices by a compromised server belonging to an external update service provider.
Measures have been taken to automatically rid infected devices of the malware.
News URL
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)