An unsuspecting Vodafone customer got quite a nasty surprise when she got her new HTC Magic (MyTouch 3G in the States). Upon plugging it into her Windows PC, Panda Antivirus sounded the alarm. It turns out that the new phone contained several malware programs, including an installer for the Mariposa botnet.
This wasn’t just any poor soul lost in the wilds of technology, though. Nope, the victim of this sneak attack works for Panda Security. As you can imagine, her coworkers were terribly interested in the phone. Closer examination showed an autorun.inf and autorun.exe that would load the malware on any PC the phone was plugged into. Panda confirmed that the botnet was active, and when installed, the software “phoned home” for instructions. They also found a Conficker variant and a password stealer.
Vodafone recently discontinued the Magic, so after current stocks are sold out no one will need fear the phone baddies. Well, until the next time this happens. So how did a Spanish hacker group get their malware on this phone? And more importantly, are more phones affected? It seems unlikely there was just one infected phone, and that it happened to be sold to a Panda employee.
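The autorun.inf and autorun.exe pairing described above can be checked for on any phone or USB volume once it is mounted with AutoRun disabled. The following is an added example, not code from Panda or from the original post: it parses an autorun.inf, lists the directives that launch a program, and hashes the target for lookup. The function names and the sample file content are constructed for illustration.

```python
import hashlib
import os

# [autorun] keys that make Windows start a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")
# Constructed sample, not the file recovered from the phone.
SAMPLE = ('junk line\n[AutoRun]\n;comment\nopen=autorun.exe\n'
          'icon=folder.ico\nshell\\open\\command = "autorun.exe" -s\n')

def parse_autorun(text):
    """Return (key, command) pairs for every launch directive in autorun.inf text."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        # Malicious files are often padded with junk lines; skip what cannot be parsed.
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found

def first_token(command):
    """Program part of a command line, honouring a leading quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    parts = command.split()
    return parts[0] if parts else ""

def scan_volume(root):
    """Report launch directives on a mounted volume and hash targets in its root."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails on arbitrary bytes
    report = []
    for key, command in parse_autorun(text):
        target = first_token(command).replace("/", "\\").lower()
        target = target[2:] if target.startswith(".\\") else target
        path = os.path.join(root, names.get(target, ""))
        digest = None  # stays None when the target is not a file in the root
        if target in names and os.path.isfile(path):
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        report.append({"key": key, "command": command, "sha256": digest})
    return report
```

Any non-empty result from `scan_volume` on a factory-fresh device is worth escalating; the SHA-256 values can be compared against an antivirus vendor's or internal reputation data.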