Karbonn, Gionee and Samsung clones come pre-loaded with DeathRing TrojanDeathRingSmartphones that may come pre-loaded with DeathRing

Lookout says that they have discovered the evidence of pre-loaded DeathRing trojan in Android smartphones and tablets after finding a similar pre-loaded malware called MouaBad earlier this year.

DeathRing

Lookout says that the DeathRing comes with your shiny Android smartphone disguised as a ringtone app but in reality it is a trojan which goes on to download SMS and WAP content from its command-and-control server to the users smartphone.  Once the trojan is in contact with the command and control server, the cybercriminals use your device to phish personal and banking information via fake texts or prompts you to download more malware disguised in APKs. Lookout says that the malware comes pre-loaded on certain Samsung clones and other Android smartphone brands which are given below and is activated either after the phone is powered down and rebooted five times or after the victim has been ‘away and present’ 50 times.

Smartphones that may come pre-loaded with DeathRing

Lookout says that it is not tracking the supply chain of Android smartphones that have DeathRing installed but has given a list of smartphones which they say come with the pre-loaded Chinese trojan.

Counterfeit Samsung GS4/Note II Various TECNO devices Gionee Gpad G1 Gionee GN708W Gionee GN800 Polytron Rocket S2350 Hi-Tech Amaze Tab Karbonn TA-FONE A34/A37 Jiayu G4S – Galaxy S4 Clone Haier H7 Unspecified Samsung S4 i9502 Clone

The DeathRing seems to come pre-loaded only in clones and low end Android smartphones as per the Lookout study.  Lookout has said that the Anti Virus vendors cant remove this malware since it comes pre-installed in the phone’s system directory however they will warn if you of the presence of the malware. Once made aware of the malware you can approach the smartphone seller for a refund.  Lookout says as a buyer, you should check the origins of the smartphones while buying.  Another indicator of malware being present is that you are running high telecom bills on account of premium SMS services and data downloads.