We’ve reported on new devices shipping with pre-installed malware before, and this time it’s the Android-based HTC Magic phone.
As reported today on Threat Post, a researcher at Panda Security connected the new phone–from European distributor Vodafone–to her PC and was alerted by her anti-virus software that the handset was infected with the Mariposa botnet client malware, which quickly attempted to infect other PCs in the network.
And perhaps even more shocking, this was not the only malware pre-loaded on the phone:
Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Confiker and a Lineage password stealing malware. I wonder who’s doing QA at Vodafone and HTC these days…
Unbeknown to most end users, a new sophisticated piece of malware corrals consumer routers and DSL modems into a lethal botnet. Using a variety of strategies for exploitation, this could be an attack vector for the theft of personally identifying information – a technique that’s not going away, according to researchers at 
