These low-cost phones have been getting infected updates since March

The manufacturer of low-cost smartphones Gigaset has been the victim of a supply chain attack. Result: its server sends malware to its customers' smartphones. Fortunately, only the old models of the brand seem affected.

Malware reinstalled in a loop: here is the misadventure experienced by several owners of Android smartphones from the Gigaset brand since March 27, 2021, according to the Bleeping Computer on April 7. These malwares are of several kinds:

"Adware", which will display advertisements everywhere on the victim's smartphone, a common way for hackers to generate revenue.

“Downloaders” that will call other malicious apps, and try to distribute them to other smartphones. For example, they can send SMS containing infected links from the user's smartphone. Some users claim to have been banned from WhatsApp for “suspicious activity”.

Malware capable of stealing identifiers: some victims claim to have lost control of their Facebook account following the incident.

Victims had no trouble identifying rogue apps that take meaningless names like "easenf", "gem" or "xiaoan". Users can even uninstall these malicious apps in a completely traditional way, without any particular procedure... but they reappear automatically shortly afterwards, sometimes accompanied by new apps.

A successful supply chain attack

The cause of the phenomenon has been identified: hackers managed to compromise one of Gigaset's update servers. They set up what is called in the jargon a supply chain attack: the compromised server distributes malware to users, under the guise of a legitimate update. Android smartphones do not detect the threat because it comes from a source marked as safe.

Hackers favor adware in their attacks. // Source: Louise Audry for Numerama

According to Gigaset, the cyberattack only affects some of the users, and above all, it would only affect older models of the brand. The Bleeping Computer lists 6 infected models, the company cites 12 others which would be spared. The internal investigation has only just begun, and Gigaset promises the first countermeasures within the next 24 hours: both to clean up its server, but also to clean users' smartphones. In the meantime, the most resourceful victims have no choice but to disable device updates via commands accessible in the Developer Options.

Known in the early 2000s as Siemens Mobile and BenQ-Siemens, the company missed the mark when smartphones arrived. Today, the German brand is trying to make its way into the market with models at (very) low prices. She has made a name for herself with a smartphone dedicated to extreme conditions and more recently with the sale of one of her old models by Lidl. The GS110, released in 2019, was marketed at the start of 2021 at only 70 euros. An amount almost too low for this kind of product, even if there are some decent options in this price range.

Tweeter

Share

Share

Share

give back