Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Vodafone reportedly distributing Mariposa botnet

Panda Labs, the research arm of IT security vendor Panda Security, says that one of its colleagues has just received a new HTC Magic handset from the cellular carrier in Spain.

"The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious", said the firm in its security blog.

"A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into", the blog added.

According to Panda Labs, the infection – unlike the one announced last week, which was run by Spanish hacker group 'DDP Team' – is being run by someone called 'tnls.'

What is interesting about this malware is that the Command & Control servers – connected via UDP – appear to be new for the Mariposa botnet, Infosecurity notes, suggesting that it was customised for this infection.

As Panda Labs says: "Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user's credentials and send them to the malware writer."

Perhaps worse, the IT security vendor notes that it discovered other malware on the handset, including a copy of Conficker and a Lineage password stealing infection.

"I wonder who's doing quality assessment at Vodafone and HTC these days", says the Panda Labs blog posting.

According to Panda, the malware programs were on the phone's 8GB microSD memory card, which mounts as an external drive when plugged into a PC.

This suggests that whoever supplied the microSD cards to Vodafone may be to blame for the infection, although it remains unclear whether the infection was caused by an external agency or originates from within Vodafone's handset preparation facility.

Vodafone has confirmed it is looking into the situation but has told reporters it may be an isolated incident.

A spokesperson told Panda Security: "We will obviously fully investigate this and make sure that any necessary changes to our security policies are put in place."

What’s Hot on Infosecurity Magazine?