Magic or Theft?

By Michael Hunter (Contributing Writer)

How ironic is this? An employee of Panda Research (an anti-malware company), received a very special, brand new Vodafone HTC Magic or what we know as the T-Mobile MyTouch 3G here in the US. This device was so special it came bearing gifts, gifts in the form of malicious malware.

When she plugged it in to her computer the virus software immediately detected some suspect auto run executable files. Now, having extensive experience with Android devices I know that the computer shouldn’t even recognize anything has been plugged in until the mount option is selected on the phone, so this part spooked me a bit.

Come to find out the device was surely infected and ready to infect any computer it may have been plugged in to. The type of malware found on the Magic was a Mariposa botnet client, a type of botnet that is very dangerous because once it has been run, programs can be downloaded and executed on demand by the bot master (hacker, i.e. the person stealing all of your information).

This “virus” has the capability of growing and causing more damage, as more code could be written and commands given. Upon digging deeper, a password stealer and a conficker variant were also found on the device. The only magic this device was capable of was giving remote access to all of your personal information and making it disappear.

Don’t worry too much though! The malware was found on the micro SD card that was preinstalled in the device, NOT the device itself. It still has me wondering how something like this could have happened though, the more I think about it the more scared I get, I’m out!

(via: Panda Research Blog)