A new wave of malware threatens Gigaset mobile devices. According to German blogger Günter Born, who first reported the issue, this new Android malware campaign downloads and installs unwanted apps through a pre-installed system update app package dubbed com.redstone.ota.ui.
It is a mobile device system updater and an auto-installer called Android/PUP.Riskware.Autoins.Redstone. The malware is affecting devices based in Europe.
It is worth noting that malware attacks involving phony system updates are increasing. Just a couple of weeks ago, Hackread.com reported on a malware app that posed as System Update to steal user data. The malware was also capable of controlling the device’s front and back cameras to take photos periodically.
Malware infestation started right after Easter
According to reports, the malware campaign, which mainly affected Gigaset Android handsets, was detected just in time, around Easter. Users started reporting malware infections on April 1, 2021, and continued to report them until April 4, 2021.
They complained about unwanted applications getting automatically installed on their smartphones. The main issues highlighted by affected users included:
- Browser windows abruptly opening with ads or redirecting to gambling sites.
- Due to critical activity on the handset, WhatsApp accounts get suspended.
- Facebook accounts are getting hijacked.
- SMS messages being sent automatically.
- The phone enters Do Not Disturb mode.
- The battery gets quickly drained.
- The mobile becomes slow.
Is there a risk of data compromise?
It is not yet clear what type of data the malware can collect. However, as per cybersecurity experts, it should be assumed that the data stored on the device will be compromised.
Therefore, users of banking apps or those who access their online accounts via Gigaset smartphones should immediately change their login credentials.
Additionally, users should be on alert if their Gigaset mobile starts behaving unusually and any of the above-mentioned issues start to occur, because this indicates infection.
After the German author/blogger reported the issue, Gigaset’s Quality Assurance Department confirmed that its update server was delivering the malware. Only those devices that received updates from this server were affected.
According to Malwarebytes’ report, this includes older Gigaset smartphones, such as GS 170 and 180, while models GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3, and GS4 are not under threat.
Nevertheless, the good news is that the issue has been fixed, and malware isn’t being delivered now. An investigation into the matter is underway.
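For readers who want to check a handset, the following is an added example (not from Günter Born, Malwarebytes or Gigaset) that triages the output of `adb shell pm list packages -i` for the updater package named above. It assumes that Android records com.redstone.ota.ui as the installer of the apps it pushed; the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Triage `pm list packages -i` output for the updater package named in the article.
# On a connected handset:  adb shell pm list packages -i | triage_redstone

UPDATER="com.redstone.ota.ui"   # package name taken from the article
CR=$(printf '\r')               # adb output often ends lines with CRLF

# Reads lines of the form "package:<name>  installer=<installer>" on stdin.
# Prints one finding per line:
#   UPDATER_PRESENT <pkg>        the updater package itself is on the device
#   INSTALLED_BY_UPDATER <pkg>   an app whose recorded installer is the updater
#                                (assumption: the updater is recorded as installer)
# Exit status: 0 if nothing was flagged, 1 otherwise.
triage_redstone() (
  flagged=0
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%"$CR"}"                       # drop a trailing carriage return
    case "$line" in package:*) ;; *) continue ;; esac
    pkg="${line#package:}"
    pkg="${pkg%% *}"                           # keep only the package name
    installer=""
    case "$line" in *installer=*) installer="${line##*installer=}" ;; esac
    if [ "$pkg" = "$UPDATER" ]; then
      echo "UPDATER_PRESENT $pkg"; flagged=1
    elif [ "$installer" = "$UPDATER" ]; then
      echo "INSTALLED_BY_UPDATER $pkg"; flagged=1
    fi
  done
  [ "$flagged" -eq 0 ]
)

# Constructed sample output, not captured from a real device.
SAMPLE_PM_OUTPUT='package:com.android.chrome  installer=com.android.vending
package:com.redstone.ota.ui  installer=null
package:com.example.unwanted.browser  installer=com.redstone.ota.ui
package:org.example.notes  installer=null'

# Demonstration run on the constructed sample.
printf '%s\n' "$SAMPLE_PM_OUTPUT" | triage_redstone || true
```

A clean result only means no app lists the updater as its installer; apps that carry no installer record are not covered by this check.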