We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,944 News Articles

Malware infects 3,000 Vodafone smartphones

Memory card on HTC Magic handsets to blame

Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone has revealed.

The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.

Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.

Vodafone said then it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's website in the same week as the first phone, according to Panda.

It is unclear how the batch of memory cards became infected although an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain.

Vodafone will send a letter along with a new memory card to affected customers, the spokesman said. The letter will contain instructions for how customers can give their PCs free antivirus scans on Panda's website, which partners with Vodafone. He said Vodafone will give security software to people whose computers have become infected as a result of plugging in an infected HTC phone.

With the first phone, the Mariposa botnet code automatically ran and attempted to infect a computer. Mariposa was at one time one of the largest botnets, but security researchers were able to shut it down in December after disabling its command-and-control servers.

Conficker is a worm that still infects millions of machines worldwide, but its autorun capability may have been disabled by Mariposa, Panda said. The password-stealing program would not run unless someone double clicked the file.

See also:

PC security advice

Mobile phone reviews


IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

iOS 8 features wishlist: the changes iPhone and iPad users want in Apple's iOS 8

IDG UK Sites

25 Years of the World Wide Web: Happy Birthday, Intenet

IDG UK Sites

Developers get access to more Sony camera features