Deathring
description
Transcript of Deathring
![Page 1: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/1.jpg)
![Page 2: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/2.jpg)
does it do?
![Page 3: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/3.jpg)
It masquerades as a ringtone app, but instead can download SMS and WAP
content from its command and controlserver to the victim’s phone.
What Does it Do?
![Page 4: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/4.jpg)
What Does it Do?
It uses SMS content to phishvictim’s personal information by
fake text messages requesting the desired data.
![Page 5: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/5.jpg)
What Does it Do?
Use WAP, or browser, content to
prompt victims to download further APKs — concerning given that the malware
authors could be tricking people into
downloading further malware that extends
the adversary’s reach into the victim’s device and data.
![Page 6: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/6.jpg)
The malware will activate if
the phone is powered down and rebooted five times. On the fifth reboot, the malware starts.
What Does it Do?
![Page 7: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/7.jpg)
What Does it Do?
The malicious service will start after the victim has been
away and present at the device at
least fifty times.
![Page 8: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/8.jpg)
Which phones are affected?
Counterfeit Samsung GS4/Note II
Various TECNO devices Gionee Gpad G1 Gionee GN708W
Gionee GN800 Polytron Rocket S2350
Hi-Tech Amaze TabKarbonn TA-FONE A34/A37 Jiayu G4S – Galaxy S4 Clone
Haier H7 No manufacturer specified
i9502+ Samsung Clone
These devices are
mostly from third-tier manufacturers selling phones to the
developing world.
![Page 9: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/9.jpg)
Android Antivirus programs can
clean your Smartphone of most
malware, but they can't do a
thing when the malware comes pre-installed.
Protection?
![Page 10: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/10.jpg)
Vietnam, Indonesia, India, Nigeria, Taiwan, and China.
Likely Countries EFFECTED?
![Page 11: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/11.jpg)
DeathRing is the second
significant example of pre-installed mobile malwarefound on
phones during 2014.
Anything Similar?
Mouabad is also pre-installedsomewhere in the supply chain and
affected predominantly Asian countries, though Lookout did see
some detections in Spain.
![Page 12: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/12.jpg)
What to DO to avoid?
Be aware of the origins of the device you’re buying.
Download a mobile security app but we wise on your choice
of App
Regularly check your phone
bill for any curious charges.
![Page 13: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/13.jpg)
Based on & References ?
http://news.techworld.com/security/3589748/android-deathring-malware-being-pre-loaded-on-cheap-smartphones/
https://blog.lookout.com/blog/2014/12/04/deathring/
http://www.theregister.co.uk/2014/12/04/cheapo_androids_prepwned_with_mobile_malware/
http://www.cio.com/article/2854967/malware/android-deathring-malware-being-preloaded-on-cheap-
smartphones.html
http://www.infosecfeeder.com/2014/12/android-deathring-malware-being.html
![Page 14: Deathring](https://reader033.fdocuments.in/reader033/viewer/2022060202/559cd64e1a28ab945f8b45e8/html5/thumbnails/14.jpg)
http://about.me/anupam.tiwari
https://www.youtube.com/user/anupam50/videos
http://anupriti.blogspot.in/