Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

Cyber Security

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider.

Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update app.

The infections are said to have occurred starting March 27.

The German manufacturer of telecommunications devices said it took steps to alert the update service provider of the issue, following which further infections were prevented on April 7.

“Measures have been taken to automatically rid infected devices of the malware. In order for this to happen the devices must be connected to the internet (WLAN, WiFi or mobile data). We also recommend connecting the devices to their chargers. Affected devices should automatically be freed from the malware within 8 hours,” the company said in a statement shared with The Hacker News.

The full list of malware apps installed on the devices include —

  • Gem
  • Smart
  • Xiaoan
  • asenf
  • Tayase
  • com.yhn4621.ujm0317
  • com.wagd.smarter
  • com.wagd.xiaoan

Alternatively, Gigaset has also urged users to check for signs of any infection by visiting the Settings app and manually uninstall the apps in question, in addition to installing all software updates that may be available for the device.

Models GS160, GS170, and GS180 running all versions of the software, GS100 (up to version GS100_HW1.0_XXX_V19), GS270 (up to version GIG_GS270_S138), GS270 plus (up to version GIG_GS270_plus_S139), GS370 (up to version GIG_GS370_S128), and GS370 plus (up to version GIG_GS370_plus_S128) are affected.

As previously noted, Gigaset devices GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290plus, GX290 PRO, GS3, and GS4 series are not impacted by this incident.