Mobile Trojan “DeathRing” Puts Smartphone Supply Chains at Risk

Image via Flickr by Martin Hassman

Cyber attacks are no longer limited to laptops and desktops. Malware and Trojans are being found on smartphones, too. One recent mobile Trojan, dubbed “DeathRing,” is a definite threat to Android users. It puts smartphone supply chains at risk because of claims that this Trojan is being downloaded at some point during manufacturing.

DeathRing is disguised as a ringtone app. Once it’s on a victim’s phone, a remote user can download browser content and SMS messages, and even control certain functions of the phone. This is obviously a breach of data and security for smartphone owners who purchase phones with the malware already installed. Additionally, there are claims that DeathRing will prompt smartphone users to download additional application packages to “enhance their experience,” when the pakages are really just more malware and phishing software.

Researchers say that the malicious software is practically impossible to remove because it comes pre-installed on the phone. This major data breach could cause major loyalty problems for the Android brand, especially if the problem is not corrected in a timely manner. The Apple brand has always said they have the most secure brand and that is proving to be true as more and more malicious software is being target at Android phones.

The countries with the most affected phones are China, Taiwan, Vietnam, Indonesia, and India — all major smartphone manufacturing locations. This is a major problem for smartphone supply chains because it is unkown exactly where the Trojan is being added to the system software. It also does not affect every device.

Smartphone users are being warned to download a mobile security app and to watch for any account changes that they do not make themselves. Additionally, it’s important to know where you are getting your device from if you choose to buy second hand or from an international business.

Leave a Reply