Samsung picture frame CD shipped malware

The Samsung incident was physical-media supply chain rather than a compromised web download. Customers bought a digital picture frame, inserted the bundled CD, and installed Frame Manager XP 1.08 to connect the device to Windows. The trust came from the box on the shelf and the Samsung-branded installer media.

The infected installer was reported with the Sality family and related detections. Trend Micro described the malware as PE_SALITY.AM on the Samsung Frame Manager XP software, while The Register and SANS ISC relayed Amazon's warning to customers who had received the affected frames. The clean path was to remove the CD-installed software and install Frame Manager 1.082 from Samsung.

Amazon's notice named multiple Samsung frames sold through its store: SPF-85H, SPF-75H, SPF-76H, and SPF-83H. The reports do not establish that every unit or every model shipment carried the infected disc, so this record scopes the artifact to the Frame Manager XP 1.08 installer CD and treats the model list as affected-distribution context.

The case is a reminder that boxed hardware can carry software supply-chain risk without any network compromise. The installer media arrived with the product, so the user's first security decision was made before they ever visited a vendor download page.

Motive

Malware Distribution

Cause

Contaminated Physical Media

Transitive

No

• Samsung digital picture frame CD infected by virustheregister.com
• Yet Another Digital Picture Frame Malware Incidenttrendmicro.com
• Samsung Digital Picture Frame shipped with Malwareisc.sans.edu
• Amazon Warns Customers of Infected Digital Photo Framesfirewall.cx