Gigaset Mobile Users Targeted Via Hacked Update Server


Android Device Malware Attack

A malware infection was detected on Gigaset Android devices after an external update server was compromised.

Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.

Earlier, Gigaset users suddenly found their Gigaset mobile devices repeatedly opening web browsers and displaying advertisements for mobile game sites.

In addition, on inspection they found an unknown application called ‘easenf’ running that, when deleted, would automatically be reinstalled.

Based on their research, Malwarebytes states that the ‘Android/PUP.Riskware.Autoins.Redstone’ app will download further malware onto devices, which is detected as ‘Android/Trojan.Downloader.Agent.WAGD’.

Source – MalwareBytes

The malware apps installed on the devices include:

  • Gem
  • Smart
  • Xiaoan
  • asenf
  • Tayase
  • com.yhn4621.ujm0317
  • com.wagd.gem
  • com.wagd.smarter
  • com.wagd.xiaoan

Infected devices

In addition to Gigaset mobile devices, devices from other manufacturers were targeted by the malware. The list is below:

  • Gigaset GS270; Android OS 8.1.0
  • Gigaset GS160; Android OS 8.1.0
  • GS170: all software versions
  • GS180: all software versions
  • Siemens GS270; Android OS 8.1.0
  • Siemens GS160; Android OS 8.1.0
  • Alps P40pro; Android OS 9.0
  • Alps S20pro+; Android OS 10.0

Security Mitigation

Gigaset started investigating the incident intensely by working closely with IT forensic experts and the responsible authorities.

In the meantime, researchers were able to identify a solution to the problem and also contacted the update service provider.

Importantly, the potentially affected devices are older smartphone models of the GS100, GS160, GS170, GS180, GS270 (plus) and GS370 (plus) series.


For the automatic cleanup to happen, the devices must be connected to the internet (WLAN, WiFi or mobile data).

It is also recommended to connect the devices to their chargers. Affected devices should automatically be freed from the malware within 8 hours.

Alternatively, users can check and clean their devices manually:

Check the current software version under “Settings” -> “About the phone” -> at the bottom under “Build number”.

Also, uninstall the malware if any of the apps in the list above are found on your device:

Open Settings -> Apps & Notification -> App Info -> Desired App(mentioned above) -> Uninstall

If the apps are still present, please contact Gigaset Service on +49 (0)2871 912 912 (At your provider’s landline rate)
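
When more than one handset has to be checked, the manual steps above can be scripted. The Python code below is an added example, not code from Gigaset or Malwarebytes: it matches the output of `adb shell pm list packages` against the package names listed in this article and compares a model and Android release against the "Infected devices" list. The function names, the sample data and the assumption that the model string contains the listed model name as a separate word are illustrative.

```python
# Added example: triage one handset against the lists in this article.
# Package names copied from the article's list of malware apps.
LISTED_PACKAGES = {"com.yhn4621.ujm0317", "com.wagd.gem",
                   "com.wagd.smarter", "com.wagd.xiaoan"}

# Model -> Android release from the "Infected devices" list
# (None = "all software versions"). Gigaset/Siemens entries share a model name.
AFFECTED_MODELS = {"GS270": "8.1.0", "GS160": "8.1.0", "GS170": None,
                   "GS180": None, "P40pro": "9.0", "S20pro+": "10.0"}


def normalize_release(release):
    """Drop trailing '.0' parts so '9.0' equals the '9' a device reports."""
    parts = release.strip().split(".")
    while len(parts) > 1 and parts[-1] == "0":
        parts.pop()
    return ".".join(parts)


def parse_pm_list(output):
    """Package names from `pm list packages` output, with or without -f."""
    names = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # With -f the line is 'package:<apk path>=<name>'.
            names.add(line[len("package:"):].rpartition("=")[2])
    return names


def triage(model, release, pm_output):
    """Report if the model/release is listed and which listed packages exist."""
    words = {w.lower() for w in model.split()}  # assumption: model is its own word
    listed_model = any(
        name.lower() in words
        and (rel is None or normalize_release(rel) == normalize_release(release))
        for name, rel in AFFECTED_MODELS.items())
    found = sorted(parse_pm_list(pm_output) & LISTED_PACKAGES)
    return {"listed_model": listed_model, "listed_packages": found}


# Constructed sample data, not taken from a real device.
SAMPLE_PM_OUTPUT = """package:com.android.settings
package:com.wagd.gem
package:/data/app/x==/base.apk=com.yhn4621.ujm0317
"""

if __name__ == "__main__":
    print(triage("Gigaset GS270", "8.1.0", SAMPLE_PM_OUTPUT))
```

The app labels in the list (Gem, Smart, Xiaoan and so on) are display names and do not appear in `pm list packages` output, so only the four package names are matched.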

Indicators of Compromise

4395f1d6ba0ae4c512630ecaf367593a6f14c81cb1589173a1c2b8262a474b1c

9d32f72124e6868a3c06e58a20528b0332fac158a133bd9dff8f052d727befd3

By | 2021-04-10T13:11:43+05:30 April 10th, 2021|Mobile Security, Targeted Attacks|

About the Author:

FirstHackersNews- Identifies Security
