The Record reports that the smartphones of the German manufacturer Gigaset were infected with malware through malicious updates, as unknown attackers compromised the update server.
I must say that in the early 2000s, this German company operated under the brands Siemens Mobile and BenQ-Siemens and was one of the largest manufacturers of mobile phones.
The manufacturer has already confirmed the fact of the hack in an interview with reporters Heise and BornCity.
Gigaset said the issue mainly affected older devices that received malicious firmware updates. Newer models were not affected, that is, the hack did not touch: GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3 and GS4.
According to German bloggers, Twitter users and Google support forums, the hack occurred last Friday, April 2, 2021. It was then that users began to report the installation of strange applications that quickly drained the batteries of devices and opened sites with gambling and advertising in the browser.
“My mom’s smartphone has a malicious application that somehow hides and cannot be removed (we have already uninstalled countless applications): the Chrome browser constantly opens on its own and opens different advertising sites”, — Twitter user Das Menschy wrote.
Also, the victims’ devices could send unwanted SMS and spam in WhatsApp, which is why some users’ WhatsApp accounts were blocked for suspicious activity. Some victims even report that they have lost control of all their Facebook accounts.
The journalists say that the following applications were installed on the victim’s smartphones:
- com.yhn4621.ujm0317
- com.yileiya.ayase (Tayase)
- com.wagd.xiaoan (xiaoan)
- com.wagd.smarter (smart)
- com.dolphinstudio.hook
- com.dolphinstudio.taiko
- com.relax.rain
- BBQ Browser
- easenf
Many users have had difficulty uninstalling these apps as they reappeared on their devices.
According to Gigaset, the incident did not affect all users, but only those who received firmware updates from one specific server. The company assures that it is currently working “on a short-term solution for the victims”, and is also investigating the incident together with information security experts and law enforcement agencies.
Let me remind you that I wrote that BazarCall malware is distributed through underground call centers.