A hacker working under the moniker “tlns” is making headlines after HTC Magic handsets sold and distributed by Vodafone have been found to be infected with botnet software known as Mariposa along with the code necessary to create and launch the Conficker worm and password-stealing trojans aimed at players of the online game Lineage.
A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by Spanish hacker group ‘DDP Team,’ is run by some guy named ‘tnls.’ Once infected you can see the malware ‘phoning home’ to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer.
Panda Security researcher Pedro Bustamante
The malware has already managed to compromise data from over 12 million IP addresses across 190 counties with the botnet spreading via USB drives and connections, online links and P2P networks. Vodafone has yet to comment on the situation.
