System update app in Gigaset Android phones identified as malware

A pre-installed malware in Gigaset Android devices has been found targeting unsuspecting users. Here’s what we know so far about the malware.

A new wave of malware threatens Gigaset mobile devices. According to German blogger Günter Born, who first reported the issue, this new Android malware campaign downloads and installs unwanted apps through a pre-installed system update app packages dubbed

It is a mobile device system updater and an auto-installer called Android/PUP.Riskware.Autoins.Redstone.” The malware is affecting devices based in Europe.

Image: Malwarebytes

It is worth noting that malware attacks involving phony system updates are increasing. Just a couple of weeks ago it reported about a malware app that posed as System Update to steal user data. The malware was also capable of controlling the device’s front and back camera to take photos periodically.

Malware infestation started right after Easter

According to reports, the malware campaign was detected just in time around Easter, which mainly affected Gigaset Android handsets. Since then, users started reporting malware infection on April 1st, 2021 and continued to report it until April 4, 2021.

They complained about unwanted applications getting automatically installed on their smartphones. The main issues highlighted by affected users included:

  • Browser windows abruptly opening with ads or redirecting to gambling sites.
  • Due to critical activity on the handset, WhatsApp accounts get suspended.
  • Facebook accounts are getting hijacked.
  • SMS messages being sent automatically.
  • The phone enters Do Not Disturb mode.
  • The battery gets quickly drained.
  • The mobile becomes slow.

Is there a risk of data compromise?

It is yet unclear what type of data the malware can collect. However, as per cybersecurity experts, it should be assumed that the data stored on the device will be compromised.

Therefore, users of banking apps or those who access their online accounts via Gigaset smartphones should immediately change their login credentials.

Additionally, users must get on alert if their Gigaset mobile starts behaving unusually and any of the abovementioned issues start to occur because this indicates infection.

Gigaset confirmation

After the German author/blogger reported the issue, Gigaset’s Quality Assurance Department confirmed that its update server was delivering the malware. Only those devices that received updates from this server were affected.

SEE: Nasty malware duo pre-installed on cheap Android phones

According to Malwarebytes’ report, this includes older Gigaset smartphones, such as GS 170 and 180, while models GSs110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3, and GS4 are not under threat.

Nevertheless, the good news is that the issue has been fixed, and malware isn’t being delivered now. An investigation into the matter is underway.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts