Budget Android phones pre-installed with mobile malware

A mobile security firm has discovered pre-installed malware on some entry-level Android phones.

The malware, dubbed ‘DeathRing’ (who’s naming these things?), disguises itself as a ringtone app that comes pre-installed on the phone’s OS. The worst part is that it’s impossible to remove because the ‘app’ is installed in the system directory.

“The Trojan masquerades as a ringtone app, but instead can download SMS and WAP content from its command and control server to the victim’s phone,” a blog post by Lookout explains. “It can then use this content for malicious means.”

In theory, this means that the malware can download an SMS from its command centre asking the victim for personal information – effectively being an SMS phishing attack.

The malware is also capable of prompting users to download APKs (Android application packages) containing more malware, thus increasing the malware’s capabilities.

Supply chain

This isn’t the first time that Lookout has found pre-installed malware on phones this year. Another oddly named malware, Mouaba, was found pre-installed on mobiles in some Asian countries. Both of these examples are installed somewhere in the supply chain, which can seriously harm the image of other parties in the chain that aren’t involved in the criminal strategy.

“This is a concerning development for OEMs and retailers alike – the potential for phones to be compromised in the supply chain would have a significant impact on customer loyalty and trust in the brand,” Lookout wrote.


An organisation that has a member of staff with one of these infected phones faces a serious threat. Due to the malware being pre-installed, a user could buy one of these infected phones and, before they can even take their first selfie, an organisation’s data could be a risk.

The most effective mitigation method for organisations that want to reduce the risks posed by staff using their own devices is a bring-your-own-device (BYOD) policy.

A BYOD policy allows your employees to use their own devices to access privileged company information and applications, but employees must follow a list of rules and regulations.  For example, an organisation in a country where the above infected phones are present may have a rule that states those devices are not permitted to be used in the workplace.

An increasingly popular method of implementing a BYOD policy is using IT Governance’s BYOD Policy Template Toolkit. The toolkit provides your organisation with template documentation, streamlining the implementation process. If your organisation is looking for a more extensive approach to protecting its information, however, then I suggest something else.

Globally recognised standards such as the international standard for best-practice information security management, ISO 27001, sharpen organisations’ focus, bringing awareness of cyber risks as well as providing guidance on their mitigation so that relevant measures are not overlooked.

The No 3 Comprehensive ISO 27001:2013 ISMS Toolkit provides organisations with everything they need in order to successfully implement ISO 27001. Those who buy this comprehensive toolkit in December 2014 will receive three hours of Live Online consultancy support for free, which will greatly help the implementation process.



  1. Simon 8th December 2014
    • Lewis Morgan 10th December 2014