The German device maker Gigaset was the victim of a supply chain attack in which threat actors compromised at least one of the company's servers to drop malware.
Gigaset AG, earlier known as Siemens Home and Office Communication Devices, is a multinational corporation based in Germany. Gigaset manufactures DECT telephones.
The company, which is most active in the area of communications technology, had 888 employees, revenue of 280 million euros, and sales activities in approximately 70 countries as of 2018.
The supply chain attack occurred on April 1, 2021, and the malware was delivered to the Android devices of the German vendor.
The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app. This app is not only the mobile device’s system updater, but also an auto installer known as Android/PUP.Riskware.Autoins.Redstone.
According to the blog BornCity, several users have reported malware infections: their devices were infected with adware designed to display unwanted and invasive ads. Many Android users reported the infections on the Google support forums.
The potential consequences of the infections, as reported, include:
- Browser windows suddenly open with advertisements or redirect to gambling sites
- WhatsApp accounts are blocked
- Facebook accounts may be taken over completely
- SMS messages may be sent automatically
- The device goes into “do not disturb” mode
- The battery is drained quickly
- The smartphone becomes slow
Gigaset confirmed the supply chain attack and revealed that only users who received firmware updates from one of the compromised servers were impacted. The mobile maker is already working on a short-term solution for the affected users.
Gigaset is working closely with IT forensic experts and the relevant authorities. All affected users will be informed as quickly as possible and provided with information on how to resolve the problem.
It has also been found that the incident only affects older devices.
According to a Gigaset spokesperson, the company currently assumes that the GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3 and GS4 devices are not affected.