Malware found preinstalled in classic push-button phones sold in Russia
A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores.
In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection.
ValdikSS, who set up a local 2G base station in order to intercept the phones’ communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser.
ValdikSS said he tested five old school phones he bought online. A fifth phone, the Inoi 101, was also tested, but the devices did not exhibit any malicious behavior.
All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.
