IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Gigaset devices laced with malware after third-party server hack

Several Android smartphones have been pre-packaged with malicious apps as part of a supply chain attack

Cyber criminals managed to sneak several malicious apps onto Gigaset Android devices by compromising a server belonging to an external update service provider.

Earlier this week, a researcher discovered that several smartphone models being sold in Germany were embedded with malware straight out of the box through a pre-installed system update app. The models affected, according to Malwarebytes, include the Gigaset GS270 and GS160, Siemens GS270 and GS160, all running Android 8, as well as the Alps P40pro, running Android 9, and S20pro+, running Android 10.

Symptoms of infection include browser windows suddenly opening with ads, WhatsApp accounts being blocked, Facebook accounts being taken over completely, and malicious text messages being sent automatically. These occur alongside the device toggling into Do Not Disturb mode by itself, considerably slow performance, and battery life draining much fast than expected.

Gigaset has confirmed with the Hacker News that the infections have come about as a result of hackers infiltrating a server owned by an external update service provider and that it’s taken steps to alert them of the issue.

The infections were first reported on 27 March, with Gigaset eventually closing the vulnerability on 7 April after the third-party company regained control of the compromised server.

"Measures have been taken to automatically rid infected devices of the malware. In order for this to happen the devices must be connected to the internet (WLAN, WiFi or mobile data),” the company said. “We also recommend connecting the devices to their chargers. Affected devices should automatically be freed from the malware within eight hours.”

Hackers were able to install the malicious apps onto these Android devices by hijacking the official update channels, known on these devices as the package ‘com.redstone.ota.ui’. Because this was a pre-installed system app, victims couldn’t easily remove it using traditional methods.

Although the infections are mostly present in Germany, the attack method will concern device manufacturers worldwide. The phones were sold to customers already infected with a host of malicious apps, and no interaction was required on their part.

This is the latest supply chain attack to be reported in recent months, following a host of more devastating incidents including the infamous SolarWinds Orion Platform and Microsoft Exchange Server attacks.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022