In the latest developments, a new Android malware has been detected to be plaguing Gigaset mobile devices that led to unwanted apps being installed on the devices via a pre-installed system update app.
Malicious Gigaset system update application:
Security researchers analyzing the Android malware have noted that the update application of the devices whose package name is ‘com.redstone.ota.ui’ is a pre-installed system app.
This app acts as the devices’ system updater as well as carries out auto installation functionalities called and is called ‘Android/PUP.Riskware.Autoins.Redstone’.
This Gigaset malware was initially reported by German blogger Günter Born in the previous week.
While the particular Android malware primarily impacts the Gigaset phones, other manufacturers are also reportedly affected due to the malware.
The full list of devices that come with the pre-installed auto-installer includes Gigaset GS270, Gigaset GS160, Siemens GS270, Siemens GS160, Alps P40pro, and Alps S20pro+.
According to trusted security sources, the Update app in the Gigaset devices installs three variants of a trojan called “Trojan.Downloader.Agent.WAGD” that has the mal- abilities to be able to send WhatsApp and SMS messages, redirect victims to malicious websites, and download supplementary malware-ridden apps.
The ability to forward WhatsApp messages is particularly concerning since WhatsApp is a widely deployed application and the misuse of such a platform can spread malware infections to devices other than Gigaset.
Apparently, a second trojan has been observed and reported by users called the “Trojan.SMS.Agent.YHN4 after getting redirected to malicious gaming websites by the aforementioned malicious system update app.
Unlike third-party apps downloaded from the Google Play Store, system apps cannot be easily uninstalled from mobile phones without resorting to tools like Android Debug Bridge.
Gigaset addresses the malware:
Gigaset has since addressed the malware cyberattack, confirming it and stating that an update server employed by their devices and systems to retrieve software updates was jeopardized.
They have also noted that the devices that relied on the aforementioned software update server are the ones that were impacted by the android malware attack.
The company has affirmed fixing the issue and is expected to deploy an update to remove the malware from infected phones.