Firmware-Level Threats in Consumer Smartphones: Supply Chain Risks and Hardware Malware Implications

Security Advisory 2025-NUB-SEC-001

A subset of the nubia Z6255CA series devices has been identified as potentially compromised through supply chain irregularities and embedded hardware-level malware. Initial investigations indicate that approximately 20% of distributed units may have been sold multiple times, creating ownership and warranty inconsistencies.

The malware, identified as DrainIT, is a hardware-based ransomware capable of silently exfiltrating cryptographic keys and other sensitive personal data to a remote server. Standard antivirus and security software cannot detect this type of compromise because it resides at the firmware or hardware controller level.

Users of affected devices are strongly advised not to store sensitive information or digital assets on these units until the issue is fully mitigated. Affected Devices (Not all Devices) Manufacturer: nubia Model Family: Z6255CA series Hardware Revision: Z6255CAHW1.x Build Number Pattern: Z6255CAV1.0.0Bxx Devices are identified by model, hardware revision, and build number pattern.

No full IMEIs or serial numbers are disclosed to preserve user privacy. Technical Overview DrainIT Hardware Ransomware Threat Layer: Firmware or secure microcontroller level, below the operating system. Persistence: Modifies or implants code in hardware controllers, undetectable by conventional security software.

Data Exfiltration: Silently transfers cryptographic keys, passwords, and other sensitive data to attacker-controlled servers. Impact: Unauthorized approval of transactions and loss of control over digital assets. Potential Impact Loss of private key control for cryptocurrencies and other digital assets.

Exposure of personal information stored locally on the device. Unauthorized financial or cryptographic transactions without user consent. Regulatory and warranty complications for double-sold units. Recommended Actions Avoid storing sensitive information on affected devices.

Verify device provenance through official vendor channels before use. Consider replacement or secure reflash if device origin is uncertain. Monitor network traffic for suspicious outbound connections. Educate staff and users about risks of hardware-level malware and proper mitigation strategies. References Device specifications for nubia Z6255CA series