- Apr 24, 2016
More info can be found in this blog post:
A quick update for all those affected by the malware infection of Gigaset Android devices via update server. On April 5, 2021, I had a phone conversation with German vendor Gigaset, in which they informed me about a few preliminary details of this case.
The malware attack on Gigaset Android devices
Since around Thursday (April 2, 2021), there has been a massive attack on Android devices of Chinese-owned German vendor Gigaset. Numerous users have been reporting malware infections of their devices since last week. The first reports I saw were from April 1, 2021; more reports came in on April 2, 3 and 4, 2021. Unwanted adware apps are automatically installed on the devices, and browsers on the smartphones are hijacked. The consequences are serious for the device owners:
- Browser windows suddenly open with advertisements or redirect to gambling sites
- WhatsApp accounts are blocked (due to critical activities)
- Facebook accounts may be taken over completely
- SMS messages may be sent automatically
- The device goes into “do not disturb” mode
- The battery is drained quickly
- The smartphone becomes slow
Initial indications from affected users suggest that data may also have been siphoned off from the smartphones. I had reported extensively on this issue in the blog post German Gigaset Android Update Server probably delivers malware (more posts are only available within my German blog). A supplementary state of affairs can be found in the blog post News about the Gigaset Android smartphone malware attack (April 2021). In the German blog post Malwareangriff: Was Gigaset Android-Gerätebesitzer jetzt machen sollten, I had recommended decommissioning the devices (remove battery and SIM card, change the Wi-Fi password of your routers) until the manufacturer has announced how to proceed.
The reason: My German blog readers had tried to remove the malware using several tools and Android Debug Bridge (ADB). Their experience was that in most cases the infection was repeated after a few hours. And a shutdown of the device wasn’t possible anymore, so there is a high risk that personal data will be siphoned off from the smartphones.
Preliminary information from Gigaset
On April 6, 2021, I had a call from the quality assurance of the manufacturer Gigaset at around 16:36, in which I was given initial information. Currently, after investigations by the manufacturer, the following state of affairs is largely assured:
- Only a part of the devices is affected by malware (devices that are supplied via a certain update server).
- An update server used by Gigaset devices for updating was compromised, so that the affected devices were infected by malware.
- According to current knowledge, this compromise of the update server has probably been resolved, so that malware is no longer reinstalled.
Device owners whose smartphones have not been affected so far can probably, according to the first cautious assessment, use them again. There are also indications that the manufacturer will soon be able to clean affected devices via an update. I am still waiting for Gigaset to provide the final result of an investigation in a written statement, which they promised me for later today.