Windows malware found on second HTC Magic cellphone; Mac and iPhone unaffected

“When Panda Security found malware on a brand new Android-based Vodafone HTC Magic earlier this month, Vodafone said it was an ‘isolated local incident,’” Elinor Mills reports for CNET.

“Now, a second phone has been found harboring malware, including a program that turns infected machines into zombies as part of the Mariposa credit card and bank log-in-stealing botnet, according to Spain-based PandaLabs,” Mills reports. “After hearing about PandaLabs’ discovery, an employee at another Spanish security company, S21Sec, checked his recently-acquired HTC Magic and found the Mariposa malware lurking on it.”

Mills reports, “PandaLabs connected the S21Sec employee’s microSD card to his PC and found that the smartphone was loaded with the malware on March 1, more than a week before he had received the phone from Vodafone.”

Full article here.

MacDailyNews Take: Again: Ah, the joys of an “open” (sort of) platform. By the way, there are currently tens of millions more iPhone OS devices than there are Android devices in the world today, yet Android is the one that’s infected. The “security via obscurity” argument fails yet again.

[Thanks to MacDailyNews Reader "Richard V." for the heads up.]

14 Comments

Flybuy

Thursday, March 18, 2010 - 8:51 am · Reply

When will this world get it to STOP using garbage phones and use iPhones?

Joe

Thursday, March 18, 2010 - 8:51 am · Reply

Looks like Nexus One is next.

Priused

Thursday, March 18, 2010 - 9:25 am · Reply

Just one of the many innovations that HTC brings to their line of phones.

Slartibartfast

Thursday, March 18, 2010 - 9:31 am · Reply

there goes obscurity through security once more…

Slartibartfast

Thursday, March 18, 2010 - 9:32 am · Reply

haha… i meant…

securtity through obscurity

Ubermac

Thursday, March 18, 2010 - 10:01 am · Reply

Look, this only news on the Mac sites. The PC bozos have accepted the presence of malware on their stuff as normal.

I feel pitty for these idiots.

Predrag

Thursday, March 18, 2010 - 10:39 am · Reply

It seems that the inability to use the iPhone as a removable media (the way you can with most iPods) has its benefits. The malware in question was simply copied to the included micro-SD card. As soon as an Android phone is connected to a PC, the card automatically mounts as a volume (or, in Windows jargon, appears as an E: drive). Autorun.exe makes sure malware is immediately copied onto that PC and launched to begin its sinister deed.

There is something to be said about the walled garden, no-volume-mounting concept of the iPhone.

justme2

Thursday, March 18, 2010 - 11:24 am · Reply

@Predrag: Also shows the benefits of using only a Mac to sync your phones; that autorun.exe file will do nothing on a Mac if I assume correctly.

The question is where the malware originated — was this a factory issue regarding a brand new phone, or a store issue with a refurbished phone that they may have been trying to pass off as new?

John

Thursday, March 18, 2010 - 12:43 pm · Reply

Here’s a good example of why Apple screens there apps before setting them free in there App store. If not there probably would have had something like this happen as well.
People bitch about how Apple is strict with there screening process yet how would you like a virus on your phone and have to erase all the data, and you didn’t have a backup. I think this is one good reason to smile with how Apple does things, to keep us users safe!