
RottenSys: Pre-installed malware on popular Android phones

18/03/2018 20:42 by Dimitris

Security researchers have discovered malware named RottenSys, which is pre-installed on nearly 5 million popular smartphones worldwide.

The malware comes disguised as an application called "System Wi-Fi" and is pre-installed on millions of brand new Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE smartphones.

All of these affected devices were sold through the Chinese mobile phone distributor Tian Pai, based in Hangzhou, but there is no proof that the company is involved in this fraud.

According to the Check Point Mobile Security Team, which uncovered this scam, RottenSys is advanced malware that does not provide any secure Wi-Fi service, but instead requests almost all of the sensitive permissions on an Android device in order to carry out its malicious activity.

To hide its activity, the fake System Wi-Fi application is initially installed without the malicious components and does not start any malicious activity right away. After a while, RottenSys contacts the servers that control it to fetch various packages of malicious code.

RottenSys then downloads and installs these packages using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission, which does not require any user action or approval.

At this time, the malware delivers an adware component to all infected devices, which displays ads as pop-ups on the device's home screen. Even full-screen ads have been reported, with the goal of generating advertising revenue.

According to Check Point researchers, the malware has earned its creators over 115,000 dollars in the last 10 days alone. The research also revealed that the RottenSys operators have already begun turning millions of these infected devices into a massive botnet.

How to Check and Remove RottenSys Malware

To check if your device is infected with this malware, go to "Settings" and then "Installed Applications" (Settings > App Manager) and look for the following possible malware package names:

  • com.android.yellowcalendarz (daily diary)
  • com.changmi.launcher (desktop)
  • com.android.services.securewifi (System WIFI)
  • com.system.service.zdsgt

If any of the above apps appear in your list of installed apps, simply uninstall them.
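
The same check can be run from a computer against a package listing instead of scrolling through the settings screen. The script below is an added example, not part of the original article or of Check Point's report; the function names are hypothetical, the sample listing is constructed, and it assumes the listing comes from `pm list packages` (one `package:<name>` entry per line).

```shell
#!/bin/sh
# Added example: function names are hypothetical; the package names are the
# four listed in the article.
ROTTENSYS_PACKAGES='com.android.yellowcalendarz
com.changmi.launcher
com.android.services.securewifi
com.system.service.zdsgt'

# Reads `pm list packages` output on stdin and prints every listed package
# that is installed. Exit status is 0 if at least one matched, 1 if none did.
find_rottensys() {
    # tr: drop the carriage returns some adb versions append to each line.
    # sed: strip "package:" and, for `pm list packages -f`, the "<apk path>=" part.
    # grep -F: fixed strings (dots are literal); -x: whole-line match only,
    # so a longer name such as com.changmi.launcher2 is not reported.
    tr -d '\r' |
        sed -e 's/^package://' -e 's/.*=//' |
        grep -Fx -e "$ROTTENSYS_PACKAGES"
}

# Constructed sample listing (not taken from a real device); it mixes the
# plain and the -f output forms to exercise both.
sample_listing() {
    printf 'package:com.android.settings\r\n'
    printf 'package:com.android.services.securewifi\r\n'
    printf 'package:com.changmi.launcher2\r\n'
    printf 'package:/system/app/Cal/Cal.apk=com.android.yellowcalendarz\n'
}

# Offline demo on the constructed sample.
if hits=$(sample_listing | find_rottensys); then
    for pkg in $hits; do
        printf 'Listed package installed: %s\n' "$pkg"
    done
else
    echo 'None of the listed packages found.'
fi
```

With a device connected and USB debugging enabled, the same function takes live input: `adb shell pm list packages | find_rottensys`.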

RottenSys: Pre-installed malware on popular Android phones was last modified: 18 March, 2018, 8:50 pm by Dimitris
