RottenSys: Pre-installed malware on popular Android phones

Security researchers have discovered malware named RottenSys, which is pre-installed on nearly 5 million popular smartphones worldwide.

The malware is disguised as an app called “System Wi-Fi” and comes pre-installed on millions of brand new Honor, Xiaomi, OPPO, Vivo, Samsung and GIONEE smartphones.

All of the affected devices were sold through the Chinese mobile phone distributor Tian Pai, based in Hangzhou, but there is no evidence that the company is involved in it.

According to the Check Point Mobile Security Team, which uncovered this scam, RottenSys is advanced malware that does not provide any secure Wi-Fi service, but instead obtains almost all sensitive permissions on an Android device to enable its malicious activity.

To cover up its activity, the fake System Wi-Fi app initially ships without any malicious component and does not start malicious activity right away. After a while, RottenSys contacts its control servers to receive various packages of malicious code.

RottenSys then downloads and installs these packages using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission, which requires no user interaction or approval.

At this time, the malware delivers to all infected devices an adware component that displays ads on the device's home screen as pop-ups. Full-screen ads have also been reported, with the goal of generating advertising revenue.

According to Check Point, the malware has earned its creators over $115,000 in the last 10 days alone. The investigation also revealed that the RottenSys operators have already begun turning millions of these infected devices into a massive botnet.

How to Check and Remove RottenSys Malware

To check whether your device is infected with this malware, go to "Settings" and then "Installed Applications" (Settings > App Manager), and look for the following possible malware package names:

  • com.android.yellowcalendarz (daily diary)
  • com.changmi.launcher (desktop)
  • com.android.services.securewifi (System WIFI)
  • com.system.service.zdsgt

If any of the above apps appear in your list of installed apps, simply uninstall them.
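The same check can be scripted from a computer. The following is an added example, not code from the article or from Check Point: it matches the output of `pm list packages` against the four package names listed above. It assumes adb is installed and USB debugging is enabled for the `--device` mode; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an Android package list for the RottenSys package
# names given in the article. --device mode assumes adb is installed.

# Indicator package names, copied from the list above (one per line).
ROTTENSYS_PKGS='com.android.yellowcalendarz
com.changmi.launcher
com.android.services.securewifi
com.system.service.zdsgt'

# Constructed sample of `pm list packages` output (not from a real device).
# The third entry only shares a prefix with an indicator and must not match.
SAMPLE_LIST='package:com.android.settings
package:com.android.services.securewifi
package:com.changmi.launcher.themes
package:com.system.service.zdsgt'

# find_rottensys: read "package:<name>" lines on stdin and print every
# indicator package found. Prints nothing when the list is clean.
# tr drops CR line endings that adb output can carry; grep -F treats the
# dots literally and -x requires a whole-line match.
find_rottensys() {
    tr -d '\r' | sed 's/^package://' | grep -Fx -e "$ROTTENSYS_PKGS" || true
}

# report: print a verdict for a package list on stdin; returns 1 on a hit.
report() {
    hits=$(find_rottensys)
    if [ -n "$hits" ]; then
        printf 'RottenSys indicator packages installed:\n%s\n' "$hits"
        return 1
    fi
    echo 'No RottenSys indicator packages found.'
}

if [ "${1:-}" = "--device" ]; then
    # Live check of the USB-connected device (requires USB debugging).
    adb shell pm list packages | report
else
    # Offline demonstration on the constructed sample.
    printf '%s\n' "$SAMPLE_LIST" | report || true
fi
```

Run without arguments it scans the constructed sample; with `--device` it exits with status 1 when any listed package is present, which makes it usable in a fleet check.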


Written by Dimitris
