Skip to main content

Another HTC Magic Smartphone Sports Malware

Is Vodafone infecting HTC Magic smartphones? That's seemingly the case. Last week we reported that a Panda Security employee discovered three malware programs on his new HTC Magic from Vodaphone. Now Panda Security is reporting that a second HTC Magic smartphone contains malware, however this time the infected device was spotted by security firm S21Sec over in Spain.

"This guy had also purchased an HTC Magic direct from Vodafone’s official website the same week as my co-worker," said Pedro Bustamante of Panda in this blog. "He hadn’t connected the phone to his PC yet, but as soon as he saw the news, he hurried back home, plugged it in via USB and scanned its memory card with both MalwareBytes and AVG Free. Lo and behold, Mariposa emerged again, exactly in the same way as in our original finding."

Bustamante said that the S21Sec employee sent him the phone's microSD card so that he could find out what happened. The dates of the files led him to believe that this particular Vodaphone HTC Magic was loaded with the Mariposa bot client around one week before the phone was shipped to the S21Sec employee. Bustamante also discovered that the malware was nestled in the same spot as the previous phone.

"Vodafone stated it was an isolated incident, but that theory is losing ground as quick as you can say 'p0wn3d.'" he said. "Originally I had thought it was an issue with a specific refurbished phone as well. But having the exact same botnet client with the exact same characteristics, with such little time difference between the malware being loaded and delivered to the client and all happening during the same week, makes me think this might be a bigger problem, either with QA or with a specific batch of phones."

He warned consumers who purchased the HTC Magic from Vodephone-- a few weeks before or after March 1st 2010-- to scan both the PC and microSD card.