A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores.
In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to detection.
ValdikSS, who set up a local 2G base station in order to intercept the phones' communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
