Gigaset smartphones infected with malware due to compromised update server

Hackers have compromised at least one update server of German smartphone maker Gigaset and deployed malware to some of the company's customers.

The German company, which previously operated under the Siemens Mobile and BenQ-Siemens brands and was one of the largest mobile phone makers in the early 2000s before the smartphone era, admitted to the security breach in statements today to German news sites Heise and BornCity.

According to reports from German bloggers, Twitter users, and the Google support forums, the security breach appears to have taken place on Friday, April 2, 2021.

Starting Friday, users reported the sudden installation of never-before-seen apps that appeared to drain device batteries and repeatedly opened web browsers to gambling and ad-laden sites.

Device owners also reported that their devices sent unsolicited SMS and WhatsApp spam, with some users having their WhatsApp accounts suspended for suspicious activity. Some users also reported losing control over their entire Facebook accounts.

Gigaset working on solution to remove malware

According to information shared by users who had smartphones impacted by this incident, the following apps appear to have been installed without permission since last week:

 com.yileiya.ayase ("Tayase")
 com.wagd.xiaoan ("xiaoan")
 com.wagd.smarter ("smart")
 BBQ Browser

Many users reported difficulties in removing the apps, which reappeared on users' devices after being uninstalled.

But according to Gigaset, not all users were impacted by this incident, only those who received firmware updates from one specific server. The company says it's currently working "on a short-term solution for the affected users."

"We are working closely with IT forensic experts and the relevant authorities. We will inform the affected users as quickly as possible and provide information on how to resolve the problem."

Gigaset spokesperson

The smartphone maker hopes to have a solution ready within 48 hours to remove the malware from affected devices.

Gigaset said that mostly older devices were impacted and received tainted firmware updates. Newer models were not affected, the company said. Non-impacted Gigaset models included GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3, and GS4.


Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.