Low-cost mobile phones being sold at online stores in Russia had pre-installed malware capable of performing different malicious activities. The warning was given by Russian security researcher ValdikSS in a report released last week.
The specialist discovered the problem while conducting tests on five cell phone models with physical keyboards inspired by the classic Nokia phones and purchased via the internet. According to him, four of the analyzed devices showed strange behavior.
In the DEXP SD2810 model, the IMEI code and the International Mobile Subscriber Identity (IMSI) were sent to a remote server, along with other data, as soon as the device was activated, even without an internet browser. The device also fired SMS messages to a premium number.
Some phone owners had already reported strange device behavior. Source: ValdikSS/Reprodução
Similar activities were noted on the Itel it2160, F + Flip 3 and Irbis SF63 mobile phones, the latter still registering the phone number in online services such as Telegram automatically. The only model that did not show malware-related problems was the Inoi 101.
Data sent to China
According to ValdikSS, all remote servers to which the data was sent are located in China. The Asian country is also the origin of the models, produced there and resold in Russian stores as an alternative for those looking for cheap cell phones that do not offer the same tools as smartphones.
The malware was in the phones’ firmware, but the researcher was unable to confirm whether the malicious code was added by the manufacturers or by the supplier of the firmware. Another possibility raised is that they were installed during the transportation of the devices.
After the publication of the report, the manufacturer of the DEXP model launched a recall campaign, offering customers the opportunity to exchange their cell phone for a new one or request a refund of the amount paid. The other companies have not yet commented.