Source: https://unsplash.com/@giuliamay

Solution Malware Attack Smartphones

8. April 2021 Published by Raphael Doerr


This information is no longer up to date. You can find the latest article on the topic here!

During routine control analyses we noticed that some older smartphones are having problems with malware. This finding was also confirmed by individual customers after enquiries were made. We immediately started investigating the incident intensely by working closely with IT forensic experts and the responsible authorities. In the meantime we were able to identify a solution to the problem.

Only older smartphone models of the GS100, GS160, GS170, GS180, GS270 (plus) and GS370 (plus) series are potentially affected.

Not affected by this incident are the smartphone models of the GS110, GS185, GS190, GS195, GS195LS, GS280, GS290, GX290, GX290plus, GX290 PRO, GS3 and GS4 series.

According to our latest information only some devices from the affected product lines were infected. Only devices on which the software updates provided by Gigaset in the past were not carried out by the user are affected. Malware was installed on these devices by a compromised server belonging to an external update service provider.

Gigaset took immediate action and contacted the update service provider. The update service provider also took immediate action and confirmed to Gigaset that the infection of smartphones could be stopped on 7 April.

Measures have been taken to automatically rid infected devices of the malware. In order for this to happen the devices must be connected to the internet (WLAN, WiFi or mobile data). We also recommend connecting the devices to their chargers. Affected devices should automatically be freed from the malware within 8 hours.

Alternatively, users can check and clean their devices manually. Please proceed as follows:

Check if your device is affected

  1. Check your software version. The current software version can be found under “Settings”à “About the phone” and at the bottom under “Build number”.
  2. If your software version is lower than or equal to the bolded version numbers below, your device could potentially be affected
  • GS160                  all software versions
  • GS170                  all software versions
  • GS180                  all software versions
  • GS100                  up to version GS100_HW1.0_XXX_V19
  • GS270                  up to version GIG_GS270_S138
  • GS270 plus         up to version GIG_GS270_plus_S139
  • GS370                  up to version GIG_GS370_S128
  • GS370 plus         up to version GIG_GS370_plus_S128

Uninstall the malware manually

  1. Switch on the smartphone
  2. Check whether your device is infected by verifying under “Settings” à”App” whether one or more of the following apps are displayed:
  • Gem
  • Smart
  • Xiaoan
  • easenf
  • Tayase
  • yhn4621.ujm0317
  • wagd.smarter
  • wagd.xiaoan

If you find one or more of the above apps, please delete them manually.

  • Open the settings (cogwheel icon).
  • Click on Apps & Notifications.
  • Click on App Info.
  • Click on the desired app.
  • Click on the Uninstall button.
  1. Now check again whether all of the above apps have been uninstalled. If the apps are still present, please contact Gigaset Service on +49 (0)2871 912 912 (At your provider’s landline rate).
  2. If all of the apps mentioned above have been uninstalled, we recommend that you carry out all software updates available for your device.

We apologise for any inconvenience caused and will keep you informed of further developments.

Leave a Reply

Your email address will not be published. Required fields are marked *