Security News > 2021 > April > Gigaset Android phones infected by malware via hacked update server
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack.
Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.
"Three malware apps were installed on each of the two affected smartphones, which could fortunately be terminated and uninstalled without any problems, but which were then repeatedly reloaded by the update app running in the background as a system process, unless the update app was terminated manually after each restart: easenf or gem, and in both cases smart and xiaoan," a reader told BornCity.
"An update server used by Gigaset devices for updating was compromised, so that the affected devices were infected by malware," explains Born.
Malware was installed on these devices by a compromised server belonging to an external update service provider.
Measures have been taken to automatically rid infected devices of the malware.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- New Android spyware found on phone seized by Russian FSB (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)
- Germany blocks BadBox malware loaded on 30,000 Android devices (source)
- Android malware found on Amazon Appstore disguised as health app (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- New FireScam Android malware poses as RuStore app to steal data (source)