Panda Security is reporting a second incident of malware on Vodafone's HTC Magic, a Google Android smart phone. it provide a clear example for how smartphones are prime targets to become botnets once connected to a user's personal computer.
The incidents provide real-world examples of how companies can inadvertently spread malware. It also raises questions about the quality assurance testing done by manufacturers and the carriers.
After the first discovery earlier this month, Vodafone said it was an isolated incident. But two days later the company announced the HTC Magic would be discontinued. Vodafone also deleted questions about the issue from its forums.
A Panda employee discovered the "Mariposa," virus after connecting it via USB her PC. Her Panda Cloud Anti-Virus software detected the malicious code, revealing that the smart phone was infected and spreading the virus to the PC.
Mariposa is a program that turns infected machines into botnets. it has infected more than 13 million computers, stealing credit card and bank log-in information.
In the second incident, an IT security expert who had bought the phone learned about the virus discovery. He decided to test his phone, using AVG anti-virus protection. Sure enough, his device also showed it had malware on it.
According to Panda Security:
This guy had also purchased an HTC Magic direct from Vodafone's official website the same week as my co-worker. He hadn't connected the phone to his PC yet, but as soon as he saw the news hurried back home, plugged it in via USB and scanned its memory card with both MalwareBytes and AVG Free. Lo and behold, Mariposa emerged again, exactly in the same way as in our original finding.
The HTC Magic has historically been sold in Europe.