Scam of the Week – RottenSys Malware Infects 5 Million Android Phones

Researchers at Check Point Security have discovered a massive, ongoing malware campaign that has already infected 5 million mobile devices worldwide.

Dubbed RottenSys, the malicious software disguises itself as a tool to help manage Wi-Fi connections and has been pre-installed on millions of brand new Android smartphones manufactured by Huawei, Honor, Samsung, OPPO, Xiaomi, Vivo and GIONEE.

It’s thought that the aggressive malware was installed on the devices at some stage in the supply chain, as the researchers found that 49% of all infected devices had been distributed by an outsourced mobile phone supply chain distributor in China called Tian Pai.

Disguised on the phones as a harmless system Wi-Fi update, the malware lies dormant until it receives a command from its command-and-control server, which then activates the malicious component and readies it to strike.

The malware then pushes an extremely aggressive adware component to all infected devices, which displays advertisements and pop-ups on the device’s home screen to generate fraudulent ad revenue.

The hackers have already pocketed $115,000 in just 10 days since releasing RottenSys. Beyond serving adware, the command-and-control server is able to take full control of all infected devices, monitor online activity, steal files and lock them.

The more worrying suggestion is that the mobile phones have been infected with the malware to form one giant botnet. Some of the infected devices have been installing a new RottenSys component that gives attackers more extensive abilities, including silently installing UI automation and additional apps.

Researchers noted that part of the botnet’s control mechanism is implemented in Lua scripts and that, without intervention, the attackers could re-use their existing malware distribution channel to take control of millions of devices.

To check whether your Android device is infected with the RottenSys malware, open the Android system settings, tap App Manager and look for any of the following possible malware package names:

• android.yellowcalendarz

• changmi.launcher

• android.services.securewifi

• system.service.zdsgt

If any of the above packages appears in your installed apps, simply uninstall it.
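For anyone checking more than one handset, the manual App Manager check above can be scripted. The following is an added example, not part of the original article or of Check Point’s research: it reads the output of `adb shell pm list packages` (one `package:<name>` line per installed app) and flags any package whose name contains one of the four names listed above. Matching by substring, to allow for a vendor prefix such as `com.`, is an assumption made here; a constructed sample package list is used so the script runs offline.

```shell
# Added example (not from the original article): flag installed Android
# packages whose names match the RottenSys package names given above.
ROTTENSYS_NAMES="android.yellowcalendarz changmi.launcher android.services.securewifi system.service.zdsgt"

# rottensys_check: read "package:<name>" lines on stdin (the format printed by
# `adb shell pm list packages`), print each suspicious package name, and
# return 0 if anything matched, 1 otherwise. Substring matching is an
# assumption, made so that a prefix such as "com." does not hide a match.
rottensys_check() {
    found=1
    while IFS= read -r line; do
        pkg=${line#package:}
        for name in $ROTTENSYS_NAMES; do
            case "$pkg" in
                *"$name"*) echo "$pkg"; found=0; break ;;
            esac
        done
    done
    return $found
}

# Constructed sample in `pm list packages` format; two of the four lines
# contain names from the article's list.
SAMPLE_PACKAGES='package:com.android.settings
package:com.changmi.launcher
package:com.example.notes
package:com.android.services.securewifi'

# Against a connected device the call would be:
#   adb shell pm list packages | rottensys_check
# Offline demonstration with the constructed sample:
printf '%s\n' "$SAMPLE_PACKAGES" | rottensys_check
```

A non-zero exit status means nothing matched, so the check can be dropped straight into a loop over several devices.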
