Skip to main content

Pre-Installed Malware Found On 5 Million Popular Android Phones


Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

Dubbed RottenSys, the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain.

All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign.

According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities.
"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.
To evade detection, the fake System Wi-Fi service app comes initially with no malicious component and doesn’t immediately start any malicious activity.

Instead, RottenSys has been designed to communicate with its command-and-control servers to get the list of required components, which contain the actual malicious code.

RottenSys then downloads and installs each of them accordingly, using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission that does not require any user interaction.

Hackers Earned $115,000 in Just Last 10 Days

android-hacking-software
At this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues.
"RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks," researchers said.
According to the CheckPoint researchers, the malware has made its authors more than $115,000 in the last 10 days alone, but the attackers are up to "something far more damaging than simply displaying uninvited advertisements."

Since RottenSys has been designed to download and install any new components from its C&C server, attackers can easily weaponize or take full control over millions of infected devices.

The investigation also disclosed some evidence that the RottenSys attackers have already started turning millions of those infected devices into a massive botnet network.

Some infected devices have been found installing a new RottenSys component that gives attackers more extensive abilities, including silently installing additional apps and UI automation.
"Interestingly, a part of the controlling mechanism of the botnet is implemented in Lua scripts. Without intervention, the attackers could re-use their existing malware distribution channel and soon grasp control over millions of devices," researchers noted.
This is not the first time when CheckPoint researchers found top-notch brands affected with the supply chain attack.

Last year, the firm found smartphone belonging to Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, infected with two pieces of pre-installed malware (Loki Trojan and SLocker mobile ransomware) designed to spy on users.

How to Detect and Remove Android Malware?


To check if your device is being infected with this malware, go to Android system settings→ App Manager, and then look for the following possible malware package names:
  • com.android.yellowcalendarz (每日黄历)
  • com.changmi.launcher (畅米桌面)
  • com.android.services.securewifi (系统WIFI服务)
  • com.system.service.zdsgt

YOU MAY ALSO LIKE:

Labels:
Location: United States

Comments

Post a Comment

Popular posts from this blog

DJI Spark vs. Parrot Bebop 2 Which One Is The Best

It's a Parrot vs DJI drone showdown Earlier this year, DJI announced it would be taking on the entry-level, selfie drone market with its  Spark . Along with challengers like the  Yuneec Breeze , the smallest DJI quadcopter is priced within touching distance of the bigger  Parrot Bebop 2 . How do they compare? Weight The Bebop is significantly heavier than the Spark, but that extra weight is an advantage in some ways. More on that in a minute. Battery Parrot has slotted a big battery into the Bebop 2 – the original Bebop had an 1100 mAh unit, compared to the 2700 mAh pack in the latest Bebop 2. That translates to a healthy flight time, too. Flight Time Parrot has a massive advantage over DJI when it comes to flight time. The bigger battery in the Bebop affords it a healthy 25 minute flight time, compared to 16 minutes for the Spark. The heavier Parrot drone is also likely to stand up better to buffeting in high winds. Range Both d...
Post a Comment
Read more

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities. According to a security  advisory  published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in  chrome-privileged  documents (browser UI). Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or ' opening a file that submits malicious input to the affected software .' "A successful exploit could allow the a...
Post a Comment
Read more

8 Best Facebook Alternatives With Focus On Privacy For 2018

If you try to keep yourself updated with the latest developments in the technology and security world, you must be knowing about the recent Facebook-CA scandal. While most of us knew about Facebook’s relentless data collection practices, this revelation has forced many of us to raise questions and look for Facebook alternatives. Some are even looking for ways to permanently delete their Facebook account. There are many social networks, messaging apps, and news aggregation sites that you can get as a replacement of Facebook. So, let’s tell you about them in brief: Top 8 alternatives to Facebook’s website and app 1.  Vero The subscriber usage data is the bread and butter of social networks like Facebook. Vero is an option in this case as it’s based on the subscription model; so, it doesn’t show ads and collect data for the same. This fast-growing social media alternative is only app-based. They do collect your usage stats but make it av...
Post a Comment
Read more