Gigaset smartphones exposed to massive mobile malware campaign

A mobile security researcher in Germany reports the detection of a new wave of malware affecting smartphones developed by the German company Gigaset. The report, prepared by Günter Born, mentions that a hacking group is running an Android malware campaign that downloads and installs malicious applications through the system's pre-installed update package, known as com.redstone.ota.ui.

This package is an operating system updater for some mobile devices and a self-installer called Android/PUP.Riskware.Autoins.Redstone. The expert states that, for the time being, this attack is limited to devices in Europe.
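As an added example (not from Born's report or from Gigaset), the shell function below triages the output of `adb shell pm list packages -i` for the updater package named above and for apps whose recorded installer is that package. It assumes the device records the updater as installer of record for the apps it installs; the sample listing and every package name other than com.redstone.ota.ui are constructed.

```shell
#!/bin/sh
# Added example: flag the updater package from the article and any app
# whose installer-of-record is that package.
UPDATER="com.redstone.ota.ui"   # package name taken from the article

# Reads `pm list packages -i` lines on stdin, for example:
#   package:com.example.app  installer=com.android.vending
# Prints "UPDATER_PRESENT <pkg>" if the updater is installed and
# "INSTALLED_BY_UPDATER <pkg>" for each app it is recorded as installing.
triage_packages() {
  awk -v updater="$UPDATER" '
    {
      sub(/\r$/, "")                       # adb output may carry CRLF
      pkg = ""; inst = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^package:/)   pkg  = substr($i, 9)
        if ($i ~ /^installer=/) inst = substr($i, 11)
      }
      if (pkg == "") next                  # skip blank or unparseable lines
      if (pkg == updater)  print "UPDATER_PRESENT " pkg
      if (inst == updater) print "INSTALLED_BY_UPDATER " pkg
    }'
}

# Constructed sample listing (not captured from a real device).
sample_listing() {
  cat <<'EOF'
package:com.android.chrome  installer=com.android.vending
package:com.redstone.ota.ui  installer=null
package:com.example.game  installer=com.redstone.ota.ui
package:com.whatsapp  installer=com.android.vending
package:com.example.tools  installer=com.redstone.ota.ui
EOF
}

# On a connected device: adb shell pm list packages -i | triage_packages
sample_listing | triage_packages
```

Packages reported as INSTALLED_BY_UPDATER are candidates for review, not confirmed malware, since the updater may also deliver legitimate system components.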

Moreover, the expert claims that another attack variant that is becoming a cybercriminal trend is the use of malicious updates: “A few weeks ago a malicious application capable of stealing information from the compromised device posing as an emergency update was detected. Apparently this fraudulent app could also activate the user’s camera and microphone,” Born reports.

As mentioned at the beginning, this hacking campaign appears to have mainly affected users of Gigaset devices, which run the Android operating system. The infections surfaced as reports of malfunctions in these devices, which ran from late May to the first week of April.

Affected users reported that unknown apps suddenly appeared on their devices, causing all sorts of problems such as:

  • Sudden appearance of browser windows with ads or redirection to betting websites
  • WhatsApp account suspension for critical activity on the device
  • Hijacking Facebook accounts and other social networks
  • Automatic sending of SMS messages
  • Sudden enablement of Do Not Disturb mode
  • Excessively fast battery consumption and device slowdown

The expert has not yet determined what kind of information this malware collects, although the prudent mobile security assumption is that any record stored on a smartphone is exposed to hackers. That’s why, as a security measure, all Gigaset users are advised to reset the passwords for every platform used on their devices, and to stay alert to any new information shared through the company’s official channels, as it may be about to release a new update.

In this regard, the company issued a statement specifying that only devices that downloaded malicious content from the hackers’ server are exposed to these attacks, and noting that only older models are vulnerable. Devices such as GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3 and GS4 are risk-free.