Scam of the Week – RottenSys Malware Infects 5 Million Android Phones

Researchers at Check Point Security have discovered a massive ongoing malware campaign that has already infected 5 million mobile devices worldwide.

Dubbed RottenSys, the malicious software disguises itself as a tool to help manage Wi-Fi connections and has been pre-installed on millions of brand-new Android smartphones manufactured by Huawei, Honor, Samsung, OPPO, Xiaomi, Vivo and GIONEE.

It’s thought that the aggressive malware was installed on the devices at some stage of the supply chain, as the researchers found that 49% of all infected devices had been distributed by an outsourced mobile phone supply chain distributor in China called Tian Pai.

Disguised on the phones as a harmless system Wi-Fi service, the malware lies dormant until it receives a command from a control server, which then activates the malicious software and it’s ready to strike.

The malware then pushes an extremely aggressive adware component to all infected devices that displays advertisements and pop-ups on the device’s home screen to generate fraudulent ad revenue.

The hackers have already pocketed $115,000 in just 10 days since releasing RottenSys, and beyond the adware, the command-and-control server is able to take full control of all devices, monitor online activity, steal files and lock them.

The more worrying suggestion is that the mobile phones have been infected with the malware to form one giant botnet network. Some of the infected devices have been installing a new RottenSys component that gives attackers more extensive abilities, including silently installing UI automation and additional apps.

Researchers noted that part of the controlling mechanism of the botnet is implemented in Lua scripts and without intervention, the attackers could re-use their existing malware distribution channel to take control over millions of devices.

To check if your Android device is infected with the RottenSys malware, open the Android system settings, tap App Manager and check for the following possible malware package names:

• android.yellowcalendarz

• changmi.launcher

• system.service.zdsgt

If any of the above packages appear in your installed apps, simply uninstall them.
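As an added example (not from the original article or from Check Point), the POSIX shell helper below automates the check above over the output of Android's `pm list packages` command, which can be pulled from a connected phone with `adb`. The package list is the one given above; the sample input is constructed for illustration.

```shell
#!/bin/sh
# RottenSys package names reported in the article.
ROTTENSYS_PKGS="android.yellowcalendarz changmi.launcher system.service.zdsgt"

# find_rottensys: reads `pm list packages` output ("package:<name>" per line)
# on stdin and prints each package name that matches the RottenSys list,
# one per line. Prints nothing when the device looks clean.
find_rottensys() {
    while IFS= read -r line; do
        pkg=${line#package:}        # strip the "package:" prefix pm prints
        for bad in $ROTTENSYS_PKGS; do
            if [ "$pkg" = "$bad" ]; then
                echo "$pkg"
            fi
        done
    done
    return 0
}

# Live use (USB debugging enabled on the phone):
#   adb shell pm list packages | find_rottensys
# For any hit, `adb shell pm path <pkg>` shows whether the APK sits under
# /system or /vendor, i.e. was shipped in the firmware rather than
# installed by the user, which is what the supply-chain finding implies.

# Constructed sample of pm output, one infected package among normal apps.
SAMPLE='package:com.android.chrome
package:changmi.launcher
package:com.whatsapp'
printf '%s\n' "$SAMPLE" | find_rottensys   # prints changmi.launcher
```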
