According to a translated version of his 5 April post, Born was made aware of issues with the devices, that resembled those that arise after malware attacks, since 1 April.
Security researcher Nathan Collier of Malwarebytes pointed out that "the names Gigaset and Siemens have considerable overlap – Gigaset was formerly known as Siemens Home and Office Communications Devices".
Born listed the following oddities as taking place on Gigaset devices:
- Browser windows suddenly open with advertisements or redirect to gambling sites;
- WhatsApp accounts are blocked (due to critical activity);
- Facebook accounts may be taken over completely;
- SMS messages may be sent automatically;
- The device goes into "Do not disturb" mode;
- The battery is drained quickly; and
- The smartphone is slow.
He said the following models appeared to be infected:
- Gigaset GS270; Android OS 8.1.0
- Gigaset GS160; Android OS 8.1.0
- Siemens GS270; Android OS 8.1.0
- Siemens GS160; Android OS 8.1.0
- Alps P40pro; Android OS 9.0
- Alps S20pro+; Android OS 10.0
Collier also added a word of caution: "It is important to realise that every mobile device has some type of system update app. Unless you are experiencing the exact behaviours [outlined here], you are most likely not infected.
"Another key point is that this pre-installed update app is the not the same as what is described in Android 'System Update' malware steals photos, videos, GPS location. In that case, the malware is simply hiding as an update app, but is not a pre-installed system app."
Collier provided a somewhat complicated method to get rid of the malicious app for the moment and also detailed how to install it once Gigaset came up with a solution.
iTWire has contacted Gigaset for comment.