Malware found pre-installed in cheap push-button mobile phones sold in Russia


Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.


A Russian security researcher who goes by the name ValdikSS online has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

The expert noticed that several push-button telephones contain unwanted, undocumented functions, such as automatically sending SMS messages or going online to transmit purchase data or phone information (the IMEI and the SIM card's IMSI). In some models the researcher spotted a built-in Trojan that sends paid SMS messages to short numbers; other devices contained a backdoor that sends incoming SMS messages to the attackers’ server. All the remote servers contacted by the devices were located in China.


The tainted push-button devices are DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.




The researcher analyzed the firmware and set up a 2G base station in order to intercept and analyze the devices’ communications.
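
As an added illustration (not the researcher's tooling and not code from the original article), the Python example below shows how traffic captured on a test base station could be checked for the handset's IMEI or the SIM's IMSI leaving the device. The capture record layout, the allow list, the destinations and the identifiers are all constructed sample values.

```python
import re

# 15-digit runs not embedded in a longer number (IMEI and IMSI are both 15 digits)
DIGIT_RUN = re.compile(r"(?<!\d)\d{15}(?!\d)")

def luhn_ok(digits):
    """True if the last digit is a valid Luhn check digit, as in an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_identifier_leaks(captures, known_ids, allowed=frozenset()):
    """Return (channel, dest, label) for each identifier seen leaving the phone.

    captures:  dicts with 'channel', 'dest', 'payload' (str or bytes)
    known_ids: label -> value for the test handset and SIM, e.g. IMEI, IMSI
    allowed:   destinations the tester expects traffic to (hypothetical allow list)
    """
    by_value = {v: k for k, v in known_ids.items()}
    findings = []
    for cap in captures:
        if cap["dest"] in allowed:
            continue
        payload = cap["payload"]
        if isinstance(payload, bytes):
            payload = payload.decode("latin-1")
        for run in DIGIT_RUN.findall(payload):
            if run in by_value:
                findings.append((cap["channel"], cap["dest"], by_value[run]))
            elif luhn_ok(run):
                # Not a registered value (e.g. second SIM slot) but IMEI-shaped
                findings.append((cap["channel"], cap["dest"], "IMEI-like"))
    return findings

# Constructed sample data: test IMEI/IMSI and made-up destinations
IDS = {"IMEI": "490154203237518", "IMSI": "001010123456789"}
CAPTURES = [
    {"channel": "sms", "dest": "+10000000001",
     "payload": "490154203237518,001010123456789"},
    {"channel": "http", "dest": "telemetry.example",
     "payload": b"model=X1&lang=ru&lac=1234"},
    {"channel": "sms", "dest": "+10000000002", "payload": "Balance: 150 rub"},
]

if __name__ == "__main__":
    for hit in find_identifier_leaks(CAPTURES, IDS):
        print(hit)
```
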


The expert analyzed 5 models and only one of them, the Inoi 101, was clean. Below is the list of the tested devices and the behavior each exhibited.


  • Inoi 101 – Clean.

  • Itel it2160 – The device was spotted transferring information to the domain asv.transsion.com: country, model, firmware version, language, activation time, and base station ID (LAC / TAC). The researcher found a panel on the server containing information about the devices sold.

  • F+ Flip 3 – The device reports “the fact of sale” via SMS to the number +79584971255, sending IMEI and IMSI in the body of the message.

  • DEXP SD2810 – The expert pointed out that even if the device does not cont ..
