RottenSys pre-installed malware found on phones

It is natural to believe that a new phone is supposed to be safe, uncluttered, free from hundreds of pictures and applications. There are some apps that come pre-installed on phones, but they could not possibly be harmful if they were added by legitimate manufacturers, right?

While specialists do review pre-installed programs, it appears that they make mistakes too. Researchers have exposed another massive and continuously growing malware campaign, which has already infected approximately 5 million Android devices.

RottenSys malware hides behind a “System Wi-Fi Service” app

This time, the malware called RottenSys did not need to use deceptive pop-ups, bundling or exploit kits. As a matter of fact, millions of brand new smartphones were delivered to customers already infected with this malware. Therefore, if you are using a recent model from Xiaomi, Vivo, Samsung, Honor, Huawei, GIONEE or OPPO, you should take a closer look at your apps.

The RottenSys malware arrived on mobile phones as a seemingly harmless “System Wi-Fi Service”. All of the compromised models came from TianPai, a Hangzhou-based phone distributor. However, security researchers are not rushing to point fingers or to make accusations: it is too soon to blame the distributor for this malware campaign.

The Check Point Mobile Security Team was the one to reveal the RottenSys malware. According to their research, the threat comes from a sophisticated piece of malware. Since it is called “System Wi-Fi Service”, mobile phone users might assume that the pre-installed app somehow makes sure that the Wi-Fi connection works smoothly. Sorry to disappoint, but the app is only meant to hide the RottenSys malware.

RottenSys malware will show ads, but can take control over your device

RottenSys malware is also quite evasive. Initially, the pre-installed app does not have any malicious components, so researchers have no reason to raise red flags about it. The tool also does not start its activity immediately and sleeps for quite some time. The malware rests until commands are sent from its command-and-control (C&C) servers. Then, the “System Wi-Fi Service” receives its malicious components and is ready to strike.

You might be asking: how does RottenSys malware affect devices? According to researchers, it is very similar to adware parasites, generating streams of objectionable third-party content. Therefore, people who are infected with this parasite will have to sit through tons of ads designed for mobile phones. If you think this strategy cannot be profitable for the hackers, you would be very wrong.

In just 10 days, RottenSys malware managed to make the hackers $115,000 richer. In addition to this, since any type of malicious command can be sent to the malware from the C&C servers, crooks could do so much more damage. They can monitor your online activities, steal your files or lock them. To make matters worse, researchers have uncovered the fact that the creators of RottenSys are building a botnet consisting of all phones infected with this malware.

Source: research.checkpoint.com
