Mariposa and Conficker found on a brand new HTC MagicPanda Security reports that a brand new HTC Magic phone supplied by Vodafone came infected with malware out-of-the-box. Amongst the malicious applications on the Android-based phone were a Mariposa botnet client and the infamous Conficker worm.
Researchers at the security vendor got their hands on the infected phone after one of their workmates acquired it from Vodafone Spain. "Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. 'Neat' she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions," explains Pedro Bustamante, senior research advisor with the company.
Panda researchers became suspicious of the phone after it was plugged into a workstation via USB and triggered a malware alert from Panda Cloud Antivirus. Further investigation revealed that its memory card was infected with several different strains of malware, including the Mariposa botnet client.
The Mariposa trojan has been in the news lately after security experts took down a 12-million strong botnet based on it. Law enforcement agencies also arrested three Spanish citizens suspected of controlling the army of infected computers. However, it seems the version of the trojan found on the HTC Magic was part of a different botnet.
In addition to the Mariposa malware, security researchers also found a Conficker infection on the memory card. Conficker, also known as Downadup or Kido, is a computer worm that spread panic in the first half of 2009, when it crippled thousands of business and governmental networks worldwide. Finally, a password-stealing trojan targeting Lineage users was also identified on the phone.
In response to the Panda Security report, Vodafone launched an investigation into the incident. "Following extensive Quality Assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident. Vodafone keeps its security processes under constant review as new threats arise, and we will take all appropriate actions to safeguard our customers’ privacy," the company said in a statement.
Incidents of malware being distributed by legit vendors without their knowledge are rare, but not unprecedented. Just yesterday, we reported that battery manufacturer Energizer suspended sales of a USB charger product after malware was discovered in the accompanying software.
Back in September 2009, malware was also found in Windows drivers supplied by gaming hardware manufacturer Razer, while in December 2008, Samsung confirmed that management software for one of its digital photo frames contained a computer worm.