Digma push-button phones revealed a backdoor

Carding Forum

Professional
Classic cell phones of the Russian brand Digma were infected with malware. Mobile phones do not support the installation of applications – dangerous software may have been integrated into them at one of the production stages. In Russia, Digma cell phones occupy almost 6% of the market, and their share is constantly growing. In marketplaces, their sales are several times higher than in offline retail.

A virus from the past

Mobile phones of the Digma brand, which, as reported by CNews, belongs to the IT distributor Merlion, contain an unpleasant surprise in the form of pre-installed malware, Kommersant writes. With it, hackers get almost full access to the device and can greatly harm the owner of the device.

The vulnerability allows attackers, among other things, to send SMS messages and intercept incoming SMS messages, including from the bank. The problem was pointed out to the publication by an interlocutor who bought the Digma phone for personal use. Understanding that something was wrong with the phone did not come immediately; only a month later, the owner of the device noticed that someone, without his knowledge, had registered an account in one of the popular messengers in Russia for his new number (purchased with the phone), over which the threat of blocking now constantly hangs.

Everything was confirmed, but not quite

"Analysis of the gadget's firmware showed the presence of infection. Malicious functions are implemented in order to use the owner's phone number," the source said.

It turned out that a simple push-button mobile phone, which has nothing in common with modern smartphones, regularly and with very specific frequency connects to a remote server in the background via the mobile Internet. After establishing a connection, the phone sends it data about the device's IMEI number, operator name, and SIM card ID.

As a response, various commands are received from the server: send an SMS with a specific text to a specific number, and so on. And so that the subscriber does not suspect anything, neither incoming nor outgoing messages processed by the malware are stored in the device's memory.

The owner of the phone contacted Digma and received a response that the company notes "anomalies" in the device's firmware. But at the same time, the company does not confirm the presence of a "hole" in the gadget, writes Kommersant.

The scale is potentially large

By the time the article was released, it was not known how many devices could have been infected with malware, or which models should be avoided if you want to buy a Digma phone. The CNews editorial board has addressed these questions to Merlion representatives and is awaiting a response. Questions were also asked about how the malware could get into the phones' firmware, where they are manufactured, and how Merlion intends to solve this problem.

Digma is a fairly large player in the Russian market of classic cell phones. GfK statistics provided by Kommersant state that in the first five months of 2024, their share was 5.9%, which is 10 percentage points more than a year earlier. Citilink, which is also directly linked to Merlion, had eight Digma phone models on sale at the time of the material's release. The CNews editorial board also found them in the catalogs of Ozon, Wildberries and Yandex Market, as well as M.Video. The editors sent these retailers and marketplaces a question about plans to withdraw Digma phones from sale and are waiting for a response.

M.Video-Eldorado told CNews: "The brand is very little represented in our sales channels."

"At the moment, there are no grounds for blocking the relevant product cards. If there are demands from regulatory authorities, Wildberries will immediately take action," Wildberries representatives told CNews.

"We closely monitor the assortment on the site and promptly respond to notifications from departments: if they are received in relation to goods, we will immediately take action," representatives of Ozon told CNews.

Russians very often buy Digma phones through marketplaces. According to Kommersant, from January to May 2024 inclusive, they accounted for 13.6% of sales against 7.6% a year earlier.

"If the situation worsens, it can lead to massive data leaks," Mikhail Sergeev, a leading engineer at CorpSoft24, told the publication, emphasizing that SMS interception can also get the banking data of the device owner.

Who is to blame

Despite the fact that Digma is a Russian brand, its cell phones are not produced in Russia at all – they are assembled in Chinese factories. It is possible that China is the source of the problem, but at the time of the release of the material, this was not known for certain. However, Anatoly Peskovsky, an expert in Informzashchita's cyber threat modeling and research department, told Kommersant that the problem of malware embedded in the firmware "is often found in Chinese-made phones."

It is worth noting that the problem of the built-in firmware applies to phones not only of the Digma brand. So, in 2020, CNews wrote that the Chinese holding Transsion, which owns, among other things, the popular smartphone brand Tecno in Russia, was caught in such a case. And in 2021, Kommersant reported a similar situation with mobile phones of the Dexp brands (owned by the DNS network) and Irbis.

In 2023, it turned out that as many as 50 well-known equipment manufacturers had begun to produce Android-based smart devices with pre-installed viruses and adware. They did this against their will: hackers managed to compromise the production process and inject malware into the devices' firmware. Smartphones, televisions, watches and even set-top boxes were infected; the devices spread all over the world and reached Russia. The number of dangerous gadgets is estimated in the millions.

Addition

After the article was published, the CNews editorial office received Digma's comment. It is shown without changes.

"Digma push-button phones lack functionality that can be classified as a backdoor or embedded vulnerability. The firmware has built-in functionality from a third-party Russian service, the purpose of which is to exchange SMS messages in a fixed format to personalize available entertainment and information services in a particular region: horoscopes, weather, jokes, etc. This type of messaging is completely free for users. Paid services are enabled only with the user's explicit consent. Any other functionality, including allegedly hidden user registration in instant messengers, is not available in Digma devices. Our marketing research shows that the above-mentioned entertainment functionality is the most popular among users of push-button phones, so our main intention of embedding this functionality in the firmware is to improve the customer experience. We do not plan to withdraw phones from sale, as we do not see any grounds for this. We will plan an extraordinary independent testing of our devices to find vulnerabilities in the firmware of push-button phones from large independent companies and publish the results."
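The article's key technical observation is that the phone "regularly and with very specific frequency" contacts a remote server in the background. That regularity is exactly what a defender can measure: whether the firmware is a backdoor or, as Digma says, a content service, a fixed-interval beacon stands out from a user's own traffic. The script below is an added example, not code from the article, Digma, or any of the quoted companies. It parses a constructed connection log (the timestamps, device names and host names are made up for the example), computes the inter-contact gaps for each device/destination pair, and flags pairs whose gaps are almost constant. Anyone testing a suspect phone in a lab, with the device on a controlled network or a captured data channel, could feed real flow records into `parse_log` in the same shape.

```python
"""Detect fixed-interval beaconing in a constructed connection log.

The report describes a phone that contacts a remote server "regularly
and with very specific frequency". Near-constant inter-contact gaps are
the signal this script looks for. The log format, host names and device
IDs are constructed for the example and are not from the article.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one event per line:
#   "<ISO timestamp> <device> -> <destination host>"
# phone-A contacts update.example-cdn.test once an hour with ~1-2 s jitter
# (the beacon); the weather lookups are irregular, user-driven traffic.
SAMPLE_LOG = """\
2024-06-01T08:00:00 phone-A -> update.example-cdn.test
2024-06-01T08:00:03 phone-A -> weather.example.test
2024-06-01T09:00:01 phone-A -> update.example-cdn.test
2024-06-01T10:00:00 phone-A -> update.example-cdn.test
2024-06-01T10:47:12 phone-A -> weather.example.test
2024-06-01T11:00:02 phone-A -> update.example-cdn.test
2024-06-01T12:00:00 phone-A -> update.example-cdn.test
2024-06-01T13:00:01 phone-A -> update.example-cdn.test
2024-06-01T08:12:40 phone-B -> weather.example.test
2024-06-01T08:13:05 phone-B -> weather.example.test
2024-06-01T15:40:00 phone-B -> weather.example.test
2024-06-01T18:02:30 phone-B -> weather.example.test
"""


def parse_log(text):
    """Return {(device, host): [sorted datetimes]} from the constructed log format."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, device, _arrow, host = line.split()
        events[(device, host)].append(datetime.fromisoformat(ts))
    for key in events:
        events[key].sort()
    return events


def beacon_score(timestamps):
    """Return (mean_gap_seconds, coefficient_of_variation) for sorted timestamps.

    The coefficient of variation (stdev / mean) is scale-free, so an hourly
    beacon and a five-minute beacon are judged by the same threshold.
    Returns None when there are too few gaps to measure regularity.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, min_events=5, max_cv=0.05):
    """Flag (device, host) pairs whose inter-contact gaps are almost constant.

    min_events: contacts needed before regularity is meaningful.
    max_cv: relative jitter threshold; 0.05 means gaps vary by <= 5%.
    Returns a list of dicts sorted by jitter, most regular first.
    """
    hits = []
    for (device, host), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        score = beacon_score(stamps)
        if score is None:
            continue
        interval, cv = score
        if cv <= max_cv:
            hits.append({"device": device, "host": host,
                         "events": len(stamps),
                         "interval_s": round(interval),
                         "jitter": round(cv, 4)})
    return sorted(hits, key=lambda h: h["jitter"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['device']} -> {hit['host']}: {hit['events']} contacts, "
              f"one every ~{hit['interval_s']} s (jitter {hit['jitter']})")
```

On the constructed log only `phone-A -> update.example-cdn.test` is reported (six contacts, one every ~3600 s, jitter well under 1%); the weather lookups have too few or too irregular contacts. The `max_cv` threshold is the knob to tune: firmware beacons typically run from a timer and show jitter far below 5%, while traffic driven by a person rarely does. The same idea applies to SMS: the article says the malware's messages are not stored on the handset, so the place to look is the operator-side or test-SIM message log, where a fixed-format message to one number at a fixed cadence would show up in exactly this way.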