RottenSys: Pre-installed malware on popular Android phones

Security researchers have discovered malware named RottenSys, which comes pre-installed on nearly 5 million popular smartphones worldwide.

The malware comes disguised as an application called "System Wi-Fi" and is pre-installed on millions of brand new Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE smartphones.

All of these affected devices were sold through the Chinese phone distributor Tian Pai, which is based in the city of Hangzhou, although there is no evidence that it is involved in this fraud.

According to the Check Point Mobile Security Team, which exposed this scam, RottenSys is an advanced piece of malware that provides no Wi-Fi service, but instead obtains almost all the sensitive Android permissions to enable its malicious activities.

To cover its tracks, the fake System Wi-Fi application is initially installed without the malicious code and does not start malicious activity immediately. After a while, RottenSys contacts the servers that control it to fetch various malicious code packages.

RottenSys then downloads and installs these packages using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission, which requires no user interaction or approval.

At present, the malware pushes to all infected devices a component that displays aggressive ads as pop-ups on the device's home screen. There have even been reports of full-screen ads, with the goal, of course, of generating ad revenue.

According to Check Point researchers, the malware has earned its creators over 115,000 dollars in the last 10 days alone. The research also revealed that the RottenSys operators have already begun turning millions of these infected devices into a massive botnet.

How to Check and Remove RottenSys Malware

To check whether your device is infected with this malware, go to "Settings" and then "Installed Applications" (Settings > App Manager) and look for the following possible malware package names:

  • com.android.yellowcalendarz (daily diary)
  • com.changmi.launcher (desktop)
  • com.android.services.securewifi (System WIFI)
  • com.system.service.zdsgt

If any of the above apps are listed in your installed apps list, simply uninstall it.
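
The same check can be run from a computer over adb instead of scrolling through the app list. The script below is an added example, not part of the original article; it assumes the "package:<name>" listing format printed by `adb shell pm list packages`, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: match installed package names against the RottenSys
# package names listed in the article.

ROTTENSYS_PACKAGES="com.android.yellowcalendarz
com.changmi.launcher
com.android.services.securewifi
com.system.service.zdsgt"

# Reads a package listing on stdin (one "package:<name>" per line) and
# prints every name that exactly matches a listed RottenSys package.
# Exit status is 0 when at least one match is found, 1 otherwise.
find_rottensys() {
    tr -d '\r' |                  # some adb versions emit CRLF line endings
    sed -n 's/^package://p' |     # keep only the package name
    grep -Fx -e "$ROTTENSYS_PACKAGES"   # -F literal, -x whole-line match
}

# Constructed sample listing (not taken from a real device).
sample_listing() {
    printf 'package:com.android.settings\r\n'
    printf 'package:com.android.services.securewifi\r\n'
    printf 'package:com.changmi.launcher.theme\r\n'   # similar name, not listed
    printf 'package:com.system.service.zdsgt\n'
}

# Demo on the constructed listing. On a real device with USB debugging on:
#   adb shell pm list packages | find_rottensys
sample_listing | find_rottensys
```

Matching whole lines rather than substrings keeps an unrelated app whose name merely begins with one of the listed names from being reported.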


Written by Dimitris
