We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,773 News Articles

Malware infects 3,000 Vodafone smartphones

Memory card on HTC Magic handsets to blame

Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone has revealed.

The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.

Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.

Vodafone said then it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's website in the same week as the first phone, according to Panda.

It is unclear how the batch of memory cards became infected although an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain.

Vodafone will send a letter along with a new memory card to affected customers, the spokesman said. The letter will contain instructions for how customers can give their PCs free antivirus scans on Panda's website, which partners with Vodafone. He said Vodafone will give security software to people whose computers have become infected as a result of plugging in an infected HTC phone.

With the first phone, the Mariposa botnet code automatically ran and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers.

Conficker is a worm that still infects millions of machines worldwide, but its autorun capability may have been disabled by Mariposa, Panda said. The password-stealing program would not run unless someone double clicked the file.

See also:

PC security advice

Mobile phone reviews


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Fonts review

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014