March 23, 2010

Pre-pwned Android Phones

A major mobile operator has recently distributed about 3,000 Android devices pre-loaded with Windows malware. HTC Magic devices from Vodafone Spain have come preloaded with no fewer than 3 pieces of malware, the most severe of which (a “Mariposa” bot client) is configured to run automatically when a phone is connected to PCs running certain versions of Windows. As soon as a PC connects to the phone via USB, the malware uses Windows AutoRun functionality to automatically infect the PC. While it is important to note that the presence of this malware does not affect the operation of the phone, the phone is unsafe for users given how easily it can infect a PC.

Lookout AutoRun Warning

This is not the first instance, nor will it be the last, where products have come “pre-pwned” from the factory. In the past, manufacturers have unknowingly distributed devices such as computer mice, digital photo frames, and even USB battery chargers that contain malware in their drivers or on the device itself. In the future, phones distributed with preloaded malware present a significant threat, especially if the malware were to infect the phone instead of only infecting PCs.
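The AutoRun path described above depends on launch directives in an `autorun.inf` file at the root of the phone's USB storage. The following Python script is an added example, not code from the original post: it audits a mounted volume for such directives before the device is attached to a Windows PC. The sample file contents and file names are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(text):
    """Return [(key, command)] for launch directives in the [autorun] section."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # tolerate comments and junk lines used as padding
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            hits.append((key.lower(), value))
    return hits

def decode(data):
    """autorun.inf may be ANSI or UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def audit_volume(root):
    """Find autorun.inf (any case) at the volume root and list what it launches."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), "rb") as fh:
            findings.extend(parse_autorun(decode(fh.read())))
    return findings

def demo():
    # Constructed sample volume; the file names are hypothetical.
    sample = "[AutoRun]\r\n;junk padding\r\nxxxx\r\nOpen = setup\\host.exe /q\r\n" \
             "shell\\explore\\command=setup\\host.exe\r\nicon=folder.ico\r\n"
    with tempfile.TemporaryDirectory() as vol:
        with open(os.path.join(vol, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return audit_volume(vol)

if __name__ == "__main__":
    for key, cmd in demo():
        print(f"launch directive: {key} -> {cmd}")
```

Any finding on storage that is not installation media deserves inspection of the referenced file on a machine where AutoRun is disabled.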

