Malware referred to as RottenSys has been found to have infected nearly 5 million devices since 2016, and it may have been installed on older devices as well.
Check Point Software Technologies, the company that discovered the infections, found that 49.2% of the infected devices had been shipped through Tian Pai, a Hangzhou-based mobile phone distributor. It is not yet clear whether Tian Pai is directly involved. The affected manufacturers are Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE.
The malware is disguised as a System Wi-Fi service app that contains no malicious code and initially performs no malicious activity, so that it goes unnoticed. After a set amount of time, the program contacts its command-and-control (C&C) server to download the components it needs. RottenSys then uses multiple open-source Android frameworks to keep itself running and to feed advertisements to the user. From March 3 to March 12, the malware generated over $115,000 in ad-click revenue.
It is unclear what the developers of RottenSys plan to do with their massive botnet beyond aggressively serving ads, but they have the ability to push any code they want to the infected phones. This means the phones could be made to participate in large-scale botnet attacks.
To remove the malware from a device, a user has to remove four separate packages.
Package Name | App Name
There is nothing consumers can do to prevent an attack of this nature from occurring. The only thing we can do is be extremely paranoid about the applications that come pre-installed on our phones: check the permissions each application requests and decide whether each one is something the application should actually need. Of course, this is not a reasonable thing to ask of most people, so most are left at the mercy of the industry to keep their devices safe.
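As an added example (not code from the original post), the permission check recommended above written as a script: it parses `aapt dump permissions` output for a pre-installed APK and reports every requested permission that an app posing as a Wi-Fi service has no clear need for. The package name, the sample dump and the baseline set are constructed for this example.

```python
"""Flag permissions a pre-installed app requests beyond what its advertised
purpose justifies. Input is assumed to be `aapt dump permissions <apk>` output;
the sample below is constructed and its package name is a placeholder."""
import re
from typing import Dict, List, Set

# Permissions a helper that only manages Wi-Fi can plausibly justify. This
# baseline is the example's own judgement, not a published standard.
WIFI_SERVICE_BASELINE: Set[str] = {
    "android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE", "android.permission.CHANGE_WIFI_STATE",
}

# Constructed aapt output for a package posing as a system Wi-Fi service.
# Overlay drawing, boot persistence and installing further packages match
# the delayed, ad-serving behaviour described above, not Wi-Fi management.
SAMPLE_DUMP = """\
package: com.example.placeholder.wifiservice
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
"""

PKG_RE = re.compile(r"^package:\s*(\S+)")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*name='([^']+)'")

def parse_aapt_permissions(dump: str) -> Dict[str, Set[str]]:
    """Map each package in an aapt dump to the permissions it requests."""
    result: Dict[str, Set[str]] = {}
    current = None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = m.group(1)
            result.setdefault(current, set())
        elif current and (m := PERM_RE.match(line)):
            result[current].add(m.group(1))
    return result

def unjustified_permissions(dump: str, baseline: Set[str]) -> Dict[str, List[str]]:
    """Per package, the requested permissions the baseline does not explain."""
    return {pkg: sorted(perms - baseline)
            for pkg, perms in parse_aapt_permissions(dump).items()}

if __name__ == "__main__":
    for pkg, extra in unjustified_permissions(SAMPLE_DUMP, WIFI_SERVICE_BASELINE).items():
        print(pkg, "requests beyond its stated purpose:", extra or "nothing")
```

On a real device the dump comes from pulling each APK listed by `adb shell pm list packages -s -f` and running `aapt dump permissions` on it; the baseline has to be chosen per app according to what that app claims to do.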
– Zachary Campanella