Malware found on HTC Android phone from Vodafone

An HTC mobile device running Android was distributed by Vodafone with a botnet program on it, as well as Conficker and a password-stealing Trojan, Panda Labs says.

Elinor Mills Former Staff Writer

Security firm Panda says it found several types of malware on an HTC Magic, an Android-based device from Vodafone. (Image credit: HTC)

An employee at Spanish antivirus firm Panda Security received a new Android-based Vodafone HTC Magic with malware on it, according to researchers at Panda Labs.

"Today one of our colleagues received a brand new Vodafone HTC Magic with Google's Android OS," researcher Pedro Bustamante wrote on the Panda Research Blog on Monday.

"The interesting thing is that when she plugged the phone to her PC via USB, her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious," he wrote. "A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into."

The malware began "phoning home" for instructions, Bustamante wrote. It's likely the user's credentials would have been stolen, he speculated.

The malware turned out to be related to the Mariposa botnet, but there was other malware on the device too--Conficker and a Lineage password-stealing Trojan, he said.

A Vodafone spokesperson did not return an e-mail from CNET seeking comment, but The Register published a statement from Vodafone that said it is investigating the matter.

"Following extensive quality assurance testing on HTC Magic handsets in several of our operating companies, early indications are that this was an isolated local incident," the statement said.

Last week, three people were arrested in Spain on charges of operating a massive botnet composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1,000 companies and more than 40 banks. The botnet was dubbed "Mariposa," which means butterfly in Spanish.

Updated at 1:07 p.m. PST with background on Mariposa-related arrests.