DeathRing: Non-removable malware affects low-cost smartphones in Asia and Africa, may spread to other countries

A new Trojan horse infection called DeathRing has been detected. The malicious program is present by default within various low-cost smartphones popular in Asia and Africa, making the threat even more severe.

According to security firm Lookout, DeathRing resides within various smartphones by posing as a genuine ringtone app, but in reality tricks users to download SMS and WAP malware-infested content from the Trojan's controlling server.

The malicious SMS text and web content thus downloaded, can be used by cyber criminals to launch varied attacks such as phishing, which leads to invasion of user privacy and poses a threat to confidential user data that is stored within infected smartphones.

Is DeathRing a matter of grave concern? Which smartphones are affected?

Though DeathRing is a Chinese Trojan that is inherent in various popular smartphones across a number of Asian and African countries such as India, Taiwan, Vietnam, Indonesia, and Nigeria, the malicious software has also been detected in other parts of the world as well, according to engineers at Lookout.

This could indicate that the DeathRing malware is a sort of slow poison and could also rear its head in major technology hubs of the world such as US, Europe and Australia.

"Like all malware, where the money is, the malware technology follows. If authors find this distribution method to be lucrative, they may evolve to attack the bigger fish," stated a security expert at Lookout, to TechWorld.

Do remember that the above list of countries account for a majority of users preferring to go online via mobile devices, more than using computers.

Also, the DeathRing Trojan horse malware program is said to be capable of tricking users (of smartphones) into downloading various advanced application programming kits [APKs]. Upon reaching a particular host smartphone it could lead to cyber criminals transmitting more malware that could pose a bigger risk to both user data and privacy.

User data, here, predominantly includes various financial and banking related information.

"We are not currently aware of where in the supply chain DeathRing is installed, we know DeathRing is loaded in the system directory of a number of devices," state security engineers at Lookout.

Affected smartphones

Online security experts have released a list of smartphones found to be vulnerable to DeathRing Trojan horse. Check out the list below:

• Counterfeit Samsung Galaxy S4 and Galaxy Note 2
• Gionee Gpad G1
• Gionee GN708W
• Gionee GN800
• Polytron Rocket S2350
• Various TECNO devices
• Hi-Tech Amaze Tab
• Karbonn TA-FONE A34/A37
• Jiayu G4S- Samsung Galaxy S4 clone
• Haier H7
• No manufacturer specified i9502+ Samsung clone

How the malware activates and transmits?

DeathRing Trojan horse activates in two ways. The first activation technique occurs when a smartphone is powered down and rebooted five times.

DeathRing is said to activate on the fifth reboot.

The second activation technique occurs when users of the infected smartphones have been away and present at the device at least fifty times.

DeathRing is inherent within your smartphone's firmware

According to Lookout's security experts, DeathRing cannot be removed by anti-malware solutions provided by third-party digital security service providers as the threat is inherent within a phone's system directory.

Lookout's security folks also have certain security tips for smartphone buyers, especially people buying Chinese smartphones:

• Verify the origin of the purchased device
• Inspect telephone bills, for unknown/excess charges
• Invest wisely on security solutions for smartphones