Gigaset’s smartphones are victims of malware attacks. According to speculation, an update server may have been hacked, thus clearing the way for the malware.
Reports from those affected are piling up
Initial reports of problems with the Gigaset smartphones went to a blogger, who reported on the incidents with the phones. Further reports were then also received by the Google support forum. Those affected are likely to keep receiving unwanted ads on their phones. For example, the browser opens by itself, after which advertising appears or there is a redirect to pages with games of chance. Since the first reports, reports from users with the problems have been piling up.
Because of strange activities, some user accounts of WhatsApp have also been blocked, it seems that messages were sent from the affected devices here. In addition, the affected smartphones have become slower and the battery also discharges faster than usual. All this activity points to a problem with malware.
Adware to blame for ad impressions
Just the insertion of unwanted ads could indicate so-called adware. In the case of adware, cyber criminals earn money just by displaying advertisements. Often, there is much more behind it; in the background, other pages simply open and apps are downloaded automatically. These in turn are like an open barn door for malware. According to reports from those affected, they noticed that new apps were suddenly installed on their smartphones, thanks to the help of virus scanners.
Cause so far still unclear
How far the attacks on the smartphones of Gigaset still go and how the malware got on the smartphones, is not yet out. In addition, it is also not yet possible to say whether data may have been copied from the devices. At the moment, either the servers that deliver the Android updates for Gigaset’s smartphones and now also deliver the malware are suspected, or a SIM service provider could also be affected. More detailed information on this is unfortunately not yet known.
Update with a statement from Gigaset
During routine control analyses, we noticed that some older smartphones had malware issues. This finding was also confirmed by inquiries from individual customers.
We take the issue very seriously and are working intensively on a short-term solution for the affected users.
In doing so, we are working closely with IT forensic experts and the relevant authorities. We will inform the affected users as quickly as possible and provide information on how to resolve the problem.
We expect to be able to provide further information and a solution within 48 hours.
It is also important to mention at this point that, according to current knowledge, the incident only affects older devices.
We currently believe that the GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290 plus, GX290 PRO, GS3 and GS4 devices are not affected.Gigaset
During routine control analysis, we have noticed that some older smartphones have experienced malware issues. This finding was also confirmed by inquiries from individual customers. We immediately investigated the incident intensively, working closely with IT forensic experts and the relevant authorities. In the meantime, we were able to identify a solution to the problem.
Only older smartphone models in the GS100, GS160, GS170, GS180, GS270 (plus) and GS370 (plus) series are potentially affected.
Not affected by this incident are the smartphone series GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290plus, GX290 PRO, GS3 and GS4.
According to current information, only some devices from the affected product lines were infected, where the software updates provided by Gigaset in the past were not executed by the user. Malware was uploaded to these devices through a compromised server of an external update service provider.
Gigaset immediately intervened and contacted the update service provider. The update service provider took immediate action and confirmed to Gigaset that the infection of smartphones could be stopped on April 7.
Measures have been taken to automatically rid infected devices of the malware..
To do this, the devices must be connected to the Internet (WLAN, WiFi or mobile data). We also recommend connecting the devices to the charger. Affected devices should be automatically freed from the malware within 8 hours.
Alternatively, users can manually scan and clean their devices. Here, please proceed as follows:
Check if your device is affected.
- Check your software version. The current software version can be found under “Settings” à “About phone” at the bottom under “Build number”
- If your software version is lower or equal to the bolded version numbers below, your device is potentially affected
GS160 all software versions
GS170 all software versions
GS180 all software versions
GS100 up to version GS100_HW1.0_XXX_V19
GS270 up to version GIG_GS270_S138
GS270 plus up to version GIG_GS270_plus_S139
GS370 up to version GIG_GS370_S128
GS370 plus up to version GIG_GS370_plus_S128
Uninstall the malware manually.
- Start the smartphone
- Check if your device is infected by going to “Settings” à “App” and checking if one or more of the following apps are displayed:
- If you find one or more of the above apps, please delete them manually.
- Open the settings (gear icon).
- Tap Apps & Notifications.
- Tap on App Info.
- Tap the app you want.
- Click on the uninstall button.
- Now check again if all of the above apps are uninstalled. If the apps are still present, please contact Gigaset Service at +49 (0)2871 912 912 (At your provider’s landline rate).
- If none of the aforementioned apps are still installed, we recommend that you perform all software updates available for your device.
We apologize for any inconvenience caused and will keep you informed of further developments.Gigaset